[TriLUG] Linux Mint Site Hacked

tj via TriLUG trilug at trilug.org
Mon Feb 22 16:37:50 EST 2016 

vulnerable-ity  does not has faces: open or closed sources.

the question, how fast/slow the response on open or closed sourced to patch
the bug.

the most I am worried is "ransom ware" :P...

On Mon, Feb 22, 2016 at 2:07 PM, Roger W. Broseus via TriLUG <
trilug at trilug.org> wrote:

> The short answer is YES: Hacks and vulnerabilities go undiscovered,
> sometimes for years. To-wit: the Heartbleed and it was in openSSL, i.e.,
> open source. See http://heartbleed.com. It is likely that some sites are
> still vulnerable due site maintainers not doing updates.
>
> In my view, open source software is as vulnerable as is private source,
> particularly if the developer is primarily interested in the functionality
> / utility of the software and may not concentrate on security /
> vulnerabilities. And, bugs can go undiscovered for a long time. The
> Heartbleed vulnerability is a classic example of this.
>
> --
> Roger W. Broseus - Linux User
>     Email: RogerB at bronord.com
>     Web Site: www.bronord.com
>
>
> On 02/22/2016 01:25 PM, John Vaughters via TriLUG wrote:
>
>> If anything, this was more an attack on the users rather than the OS...
>>>
>> Very true, but let's think like a Crack Head.
>> Continuous stream software upgraded right after compiled or source loaded
>> and compiled by the user. Does anyone REALLY check for back doors. Given a
>> large enough user base, would it be so difficult to hide some code that
>> could eventually get root access, stay hidden and create a stealth
>> backdoor. That once penetrated to the concentration level needed could be
>> part of a large network of compromised computers ready to do many types of
>> attacks. If the distribution was large enough and the software was popular
>> enough, you could launch the attack and start doing damage within hours and
>> who really cares if it is noticed and shutdown, it's too late. Damage was
>> done.
>>
>> A few years ago, 7 perhaps, yahoo was shutdown with denial of service
>> attacks. So yes it is not an attack on the OS, but an attack none the less.
>> Many Windows attacks are also user instigated. Probably the number one
>> issue for all viruses are User instigated. But they can be just as
>> dangerous. My Kids, mostly adults now, used to be the biggest source of
>> virus attacks at my house, so much so they were all nicknamed after viruses
>> at some point. Messages from ISP's to shutdown rouge spam servers,
>> Backdoors galore, ransom software. Yes, all windows, but User instigated.
>> Thankfully through removal of Windows and kids that can learn. I am done
>> being a virus super hero. How much you learn from fighting viruses. Only
>> once did I get beat by a ransom software that had to be re-imaged. I am
>> still irritated I lost that battle. Not because I lost anything, but
>> because they beat me. Changed the registry to not even allow safe mode and
>> many other nasty system changes. There was only one reason I lost this
>> battle, i did not have registry change logging. I got the same virus on a
>> machine that had registry change logging and I was able to roll back
>> everything. What a disaster. too many gorrie details and a lost weekend to
>> boot. oops!!!!! tangent. OK you get it I'm still angry.
>>
>> Linux is not immune to bad users, the Crack Heads have just not focused
>> on it because the numbers do not pan out. I did have one process on a
>> Fedora box that was cranking up my home WAN to the max and I never did
>> identify what the traffic was, but I shut the process down and wiped it
>> from the disk. I still have no idea how it got there. That is quite
>> honestly the only POSSIBLE attack I have ever seen on a Linux box, but I
>> cannot be sure if it was just a bad process mode or an actual attack. Linux
>> immunity is primarily due to undesirable numbers of bad users that make the
>> Crack Heads not spend their time.
>>
>> My preference is still slow development Centos and RedHat. But my world
>> is server land and properly implemented Linux is still by far your best
>> bet, but not immune. Nothing is immune. We all get the occasional
>> Heartbleed, and sometimes we get BASHed. Sorry for the Puns `,~)
>> John Vaughters
>>
>>
>>
>>
>>
>>
>
> --
> This message was sent to: fendy <bimasakti at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/bimasakti%40gmail.com
> Welcome to TriLUG: http://trilug.org/welcome
>

More information about the TriLUG mailing list