The serious tech journalists at XKCD have uncovered some major new security holes in some popular Linux distributions. Note: Coincidentally, after fixing some major hardware issues, Focus Shift is back.
It’s all made very clear for me now. I know which Distro is the best. Thanks to those guys (people – in case there are any cool chicks there) for making it easy on all of us.
Just the remedy after a busy working day… on a bank holiday
Is it just me, or is the topic a little too vague and confusing? I mean, it’s bad enough the teaser is almost always copy/pasted from the source, but can’t there be a shred more of effort put in anymore?
Congratulations! You’re the winner of this week’s “missing the point” sweepstakes!
Take a +1 from me… I can’t give it normally as I have already posted
Did it for you, and you got a +1 too!
It’s gratifying to see that openSUSE managed to escape the list of glaring security problems. Congrats to the dev teams, I believe their holistic approach to assessing vulnerabilities gives them a clear advantage over the distros listed in the article.
FWIW, the bug with the decoder rings in Fedora was admittedly an issue with an earlier version of openSUSE, but it was very quickly identified and nixed with a security update. It’s remarkable to see that other distros fail, even in this day and age, to take preventative measures against well known attack vectors. Don’t even get me started on the root access vulnerability for Slackware that was mentioned in the article, how has that not been addressed yet?
Security is a mindset, above all else.
Well, if you’re running Slackware 12.0, then yes, you’re most likely vulnerable, but it has been addressed with the release of 12.1, unless there is an issue with openssl-0.9.8g itself.
when I’ve found myself wondering where that xkcd comic came from, and where the security article was.
Sorry, I thought today was Memorial Day?
For some reason this feels like a paid advertisement that was supposed to seem like a normal OSAlert post… Didn’t work for me, sorry.
I’m a little surprised not to see a link on OSAlert to the incident that inspired this comic. Maybe the editors knew it would turn into a flamefest. Seriously though, it’s somewhat of a major story. I’m a Debian user myself, and I’m really horrified at the bug one of their developers introduced to their version of OpenSSL.
It’s one of those things that makes one think about distros and their relationship to upstream, about whether one’s distro choice is sound, about how easy it is to trust code, etc., etc. Seems like something that should be addressed on OSAlert, even if it might be a crapstorm. Apologies if I missed it somewhere.
I’m also a Debian user and am horrified as well.
I’m considering switching to Arch Linux due to their policy of not messing with the source that comes from the original maintainer.
Arch seems to currently add three patches to their openssl package.
http://repos.archlinux.org/viewvc.cgi/openssl/repos/core-i686/
Some Arch packages, like firefox, have more patches.
http://repos.archlinux.org/viewvc.cgi/firefox/repos/extra-i686/