Popular Posts

  • IT Auditing at ADM
    This past Tuesday December 3rd, 2013 we had two  guest speakers from ADM , Gary Hotwick and Wayne Sharp. Gary is a Millikin Grad who graduat...
  • Security of Picture Gesture Authentication
    When windows 8 was introduced it came with a new form of password security with the picture  gesture authentication. With time we realize...
  • Linux vulnerability
    The Linux operating system has a vulnerability within it for the past two years, it gives "untrusted" users with restricted accoun...
  • Adobe Data Breach
    Adobe systems recently confirmed that it's network was breached during an attack in which 2.9 million of their customers had their infor...
  • Database Security Vunerabilities
    There are certain common and serious database vulnerabilities that most businesses that deals with data should know of. Cyber attack has bee...
  • Linux is more Secure than Windows
    For small businesses or organizations that are lacking dedicated IT security staff using Linux can be very beneficial. There is a saying wit...
  • Internet Explorer Zero-Day
    There is a zero day flaw in Internet explorer, this impacts all versions of the browser but it seemed as though criminals are more focused ...

Sunday, October 20, 2013

Linux vulnerability

The Linux operating system has a vulnerability within it for the past two years, it gives "untrusted" users with restricted accounts root access over machines. Along with the machines, it also affected severs running in shared web hosting facilities and other sensitive environments. The maintainers of Linux operating system quietly released an update that patched the hole. Even a month after the patch was sent out most users still remains wide open; mostly because they were not aware of the vulnerability.

The severity of the bug is in Linux kernel's performance counters subsystem and became clear when the code exploiting they vulnerability was publicly available. The script is used to take control of servers that are operated by many shared web providers. Basically hackers with limited control over a a Linux machine can use the bud to escalate their privileges.

Security is such a huge matter when it comes to business dealing, it was wrong for Linux not to publicly disclose this issue so that all that were affected can take the necessary steps towards avoiding that.

http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
Posted by at

2 comments:

  1. UnknownOctober 21, 2013 at 10:59 AM

    This week has been my first introduction to the Linux operating system. Before this lab, I knew nothing about it. I am still becoming familiar with it, but this sounds like an issue that needs to be resolved before Linux becomes known for vulnerabilities. Users may have very sensitive or personal information or files that become subject to risk. Because Linux is an open source and free software, I assume that it may have more bugs than other operating systems. I would like to provide feedback on how I believe these issues should be monitored and resolved, but I feel that I do not know enough about this OS to offer my opinion. I hope the updated patched get out to all Linux users and this vulnerability is resolved, before a serious data breach occurs.

    ReplyDelete
  2. UnknownNovember 4, 2013 at 10:56 PM

    I agree, the company should have taken better precaution and when they were made known of the vulnerability they should have informed their users. They were negligent in protecting their customer's data.

    ReplyDelete

Subscribe to: Post Comments (Atom)