Comments on this article?
This topic is closed.
Re: Comments on this article?
There's not enough in the article to take it seriously.
Regarding the "supposed" subject matter I would have to say that my web hosting provider has not given me root access and I assume that no one other than themselves would be able to do something with this "exploit". Are there servers going down out there because of this? Or is this about desktop servers, or browsers, or people who run untrusted executables, or etc .... (sigh) Anyway, when things are vague, they're vague.
PS: It's really just a Ksplice ad - not an article.
Re: Comments on this article?
Originally posted by GreyGeek: See my original comment on this "news" here.
Re: Comments on this article?
Originally posted by MoonRise: .... I guess as Linux makes more and more headway the more negative press it will get.
"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
– John F. Kennedy, February 26, 1962.
Re: Comments on this article?
I could have made additional comments about that article.
First, in my other response, I established that Hawkes announced the hole on the 17th and that Ubuntu had patched it that day and made it part of the automatic updates, which hit my machine at 5pm and later a second kernel came at 11pm.
Notice the date on that "news" story:
Posted in System administration on September 18th, 2010
One cannot overlook the self-serving nature of the announcement:
Hi. I’m the original developer of Ksplice and the CEO of the company.
Although it might seem self-serving, I do know of one sure way to fix this vulnerability right away on running production systems, and it doesn’t even require you to reboot: you can (for free) download Ksplice Uptrack and fully update any of the distributions that we support (We support .....Ubuntu, ...)
What is Ksplice?
Ksplice Uptrack is a subscription service that lets you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.
And, since he's selling a kernel updating service, the key feature of which is not having to reboot after the update, of what value is the "free" part if the update has already been done?
in the last day we’ve received many reports of people attacking production systems using an exploit for this vulnerability,
EVEN MORE BLARING, that hole was fixed in 2007 but in 2008 a regression reintroduced it. So, Ksplice has been updating kernels containing that hole for two years, but NO ONE reported it before the announcement on the 17th, and Ksplice didn't know about it either.
Like the PAM exploit, I doubt that this LOCAL threat was in the wild or even known by hackers until Hawkes' announcement. By then it was too late for them. I seriously doubt that there were ANY exploits found in the wild at all, even if someone reads about this exploit on the 18th and "thinks" that it "explains" some mysterious problems they think they are having.