
    Comments on this article?

    Linux kernel exploit roots 64-bit machines

    #2
    Re: Comments on this article?

    There's not enough in the article to take it seriously.

    Regarding the "supposed" subject matter I would have to say that my web hosting provider has not given me root access and I assume that no one other than themselves would be able to do something with this "exploit". Are there servers going down out there because of this? Or is this about desktop servers, or browsers, or people who run untrusted executables, or etc .... (sigh) Anyway, when things are vague, they're vague.

    PS: It's really just a Ksplice ad - not an article.



      #3
      Re: Comments on this article?

      See my original comment on this "news" here.
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.



        #4
        Re: Comments on this article?

        Originally posted by GreyGeek
        See my original comment on this "news" here.
        Ahhhh.... didn't see that post GG, sorry. Yes I agree that article was skimpy on the details and GG you really filled in the gaps. Again, I really don't know why the jump to quick flame Linux especially when it is addressed so quickly. And that there is key. I guess as Linux makes more and more headway the more negative press it will get.



          #5
          Re: Comments on this article?

          Originally posted by MoonRise
          .... I guess as Linux makes more and more headway the more negative press it will get.
          But, we have no trouble identifying the source!
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.



            #6
            Re: Comments on this article?

            True, so true.



              #7
              Re: Comments on this article?

              I could have made additional comments about that article.

              First, in my other response, I established that Hawkes announced the hole on the 17th and that Ubuntu had patched it that day and made it part of the automatic updates, which hit my machine at 5pm and later a second kernel came at 11pm.

              Notice the date on that "news" story:
              Posted in System administration on September 18th, 2010
              His announcement was a day late and a dollar short.

              One cannot overlook the self-serving nature of the announcement:
              Hi. I’m the original developer of Ksplice and the CEO of the company.
              and this gem:
              Although it might seem self-serving, I do know of one sure way to fix this vulnerability right away on running production systems, and it doesn’t even require you to reboot: you can (for free) download Ksplice Uptrack and fully update any of the distributions that we support (We support .....Ubuntu, ...)
              "Might"? Ya think? Ubuntu and Kubuntu were already patched and protected A DAY BEFORE his magnanimous offer! What are the odds he knew that but was willing to sell his product to Ubuntu/Kubuntu users anyway?

              What is KSplice?
              Ksplice Uptrack is a subscription service that lets you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.
              A subscription service ...for $4/mo per server, up to 20, and $3/mo for more than that. For free? Only Ubuntu and Fedora 13 desktops, not servers.

              And, since he's selling a kernel updating service, the key feature of which is not having to reboot after the update, of what value is the "free" part if the update has already been done?

              in the last day we’ve received many reports of people attacking production systems using an exploit for this vulnerability,
              IF anyone was exploited by this LOCAL exploit, even IF they were KSplice clients, they didn't know about it before the 17th, (or we would have heard about it before the 17th) and that announcement wasn't until the 18th. How could they report what they didn't know?

              EVEN MORE BLARING, that hole was fixed in 2007 but in 2008 a regression reintroduced it. So, KSplice has been updating kernels containing that hole for two years, but NO ONE reported it before the announcement on the 17th, and KSplice didn't know about it either.

              Like the PAM exploit, I doubt that this LOCAL threat was in the wild or even known by hackers until Hawkes' announcement. By then it was too late for them. I seriously doubt that there were ANY exploits found in the wild at all, even if someone reads about this exploit on the 18th and "thinks" that it "explains" some mysterious problems they think they are having.

              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
              – John F. Kennedy, February 26, 1962.



                #8
                Re: Comments on this article?

                Interesting. Thanks GG!
