Flaw in Linux kernel allows attack

TalkBack 32 of 93:: Next »; « Previous

Thread View
Flat View

Are you reading the same article ?: I don't remember it ever says anything about the compromised was done via a physical touching of the machine (developer). All it says, and I quoted:

"The attacker gained access to one of the systems by compromising a developer's computer and installing a program to sniff out the characters typed on the developer's keyboard, according to a postmortem analysis..."

Okay, so this is how the hacker got the password into the Develoment System as a DEVELOPER. But then, the big flaw is then it was then able to (and I quote again) "...Using the September flaw, the attacker gained owner privileges on Klecker. This is frequently referred to as "owning" the system. The flaw--in a part of the kernel that manages memory--allows only users that already have access to the system to raise their privileges. Such flaws are less critical than vulnerabilities that give an outside attacker access to a server and so are fixed less quickly...."

I believed that the problem here is that these 'Less Critical Flaw' is NOT looked at as careful as one would believed that they are or else there wouldn't be a compromise.

It's easy to hack into a user's desktop system via different ways (social engineering hack, etc), but Linux's strength was supposed to be on the Servers. What this flaw tells me is that if I have an inside person then I could be in for a big problem. Which, according to all security/business reports, are the #1 cause of security/thief for any business.

Spin as you will, this just says that Linux is finally growing up and are now facing the same problems that MS has been for years and that the microscrope is only going to be right on top of them.; Posted by: JJ_z Posted on: 12/02/03 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

What's going on with these attacks FilledOut | 12/01/03

because they can? (nt) ryusen | 12/01/03

This is what I've been saying all along.. d_jedi | 12/02/03

Hey all you MS shills (No_Ax, LMaxwell,...) heres your chance ... Plain Logic | 12/01/03

No need for flames toadlife | 12/01/03

Exactly ... Ardian Daka | 12/02/03

btw... toadlife | 12/01/03

For me... Cardinal_Bill | 12/01/03

For me... none none | 12/01/03

Try OS X Len Rooney | 12/01/03

Better GUI? balsover | 12/02/03

The command line's still there in Linux. Damon K | 12/02/03

and me.. FreeBSD | 12/02/03

btw... mtifo@... | 12/02/03

Both dscherf | 12/02/03

Agreed.. FreeBSD | 12/02/03

Why I prefer Linux voska | 12/02/03

Good reasons dscherf | 12/02/03

Apps.. FreeBSD | 12/02/03

Thanx, I'll take look voska | 12/02/03

What's to flame? Flaming is for children. No_Ax_to_Grind | 12/02/03

Nice to have a completely open system, without anything hidden. DonnieBoy | 12/01/03

Of interest is that it required a *physical* compromise of a machine plus.. dicktaurus@... | 12/01/03

bottom line, it WAS COMPROMISED!!!! DO_z | 12/01/03

what's your point? stephen732@... | 12/01/03

FALSE! IT_User | 12/02/03

Where did it say physical access? default user_z | 12/02/03

Nevermind default user_z | 12/02/03

Only on X86 machines voska | 12/02/03

I call bovine manure... Damon K | 12/02/03

If he had physical access voska | 12/02/03

Are you reading the same article ? JJ_z | 12/02/03

ZDNet never gives the full story. Jomo_z | 12/02/03

It's simple. Damon K | 12/02/03

Where's the linux advocates? DO_z | 12/01/03

fanatics myndlon@... | 12/02/03

Who said Linux was bullet-proof? Damon K | 12/02/03

Ok, Neal Stephenson... Delaware Boy | 12/02/03

Ok, Neal Stephenson... balsover | 12/02/03

Agreed. Stephenson's fun, but... Damon K | 12/02/03

I hear ya, dude.. Delaware Boy | 12/02/03

Mmmm.... Donut..... Damon K | 12/02/03

Just one nit, db IT_User | 12/02/03

*Now* Delaware Boy | 12/02/03

It's only bulletproof... msdead | 12/02/03

consistancy of your words... ryusen | 12/02/03

physical security.... zoltrac | 12/01/03

Nothing new...nothing is 100% secure jimk_z | 12/01/03

Exactly correct d_jedi | 12/02/03

Partially Correct bit_rot | 12/02/03

Subject correct IT_User | 12/02/03

I agree with "nothing is 100% secure" but that's about all Richard Flude | 12/02/03

re jimk_z | 12/02/03

Software Review Is Useless TEBushmaker | 12/01/03

You miss half the point of Reviews... Root User | 12/02/03

Security crocd | 12/02/03

what can be gained? myndlon@... | 12/02/03

Broken Style Sheets, Broken phone Battery Nigel Johnstone | 12/02/03

Wheres the hole? OhMyGosh | 12/02/03

Blame ZDNet for that. Damon K | 12/02/03

OK, class, pop quiz.... mlindl | 12/02/03

Believe it or not it is a Windows Platform Squawkbox | 12/02/03

OS/2? archerjoe | 12/02/03

OS/Who? balsover | 12/02/03

I know one... gypkap@... | 12/02/03

OS/2 is close, OS/400 by IBM nucrash | 12/02/03

I got it.. Pick me.. Pick me.. FreeBSD | 12/02/03

VMS Yagotta B. Kidding | 12/02/03

I've never heard of rkadowns | 12/02/03

One More slopoke | 12/02/03

It's all good. rkadowns | 12/02/03

Yup Yup voska | 12/02/03

Yup Yup Yup rkadowns | 12/02/03

Another M$ shill rears his brainless head. NoB$ | 12/02/03

Newsflash! IT_User | 12/02/03

More details for those who want em voska | 12/02/03

Good Info michael-t | 12/02/03

Run in circles...scream and shout! Cardinal_Bill | 12/02/03

real point is !! nite_w0lf | 12/02/03

Yup.. FreeBSD | 12/02/03

Big deal. No software is completely secure - Linux included marksashton | 12/02/03

Ignore the Zealots... ryusen | 12/02/03

Linux Kernel Writers should talk to their UNIX Friends michael-t | 12/02/03

It isn't us! We swear! msdead | 12/02/03

Sloppy source movement strikes again gklay | 12/02/03

Good point (but your headline probably turned people off) marksashton | 12/02/03

Exactly! michael-t | 12/02/03

Unanswered Questions michael-t | 12/02/03

Keeps M$ shills from going crazy NoB$ | 12/02/03

another security hole! SteveS_z | 12/02/03

Mandrake 9.2 not affected. libertyaikido | 12/02/03

Linux flaw jumby@... | 12/02/03

Just read the tech forums FilledOut | 12/04/03

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Building the Virtualized Enterprise with VMware Infrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Flaw in Linux kernel allows attack

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads