Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Welcome Back Kernel.org

samzenpus posted more than 2 years ago | from the look-who's-back dept.

Security 94

Hummdis writes "After more than a month of being offline due to a security breach at Kernel.org, they're back! While they were down, they took the time to 're-architect' the site for developers and users. A statement reads: 'As noted previously, kernel.org suffered a security breach. Because of this, we have taken the time to re-architect the site in order to improve our systems for developers and users of kernel.org. To this end, we would like all developers who previously had access to kernel.org who wish to continue to use it to host their git and static content, to follow the instructions here. Right now, www.kernel.org and git.kernel.org have been brought back online. All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system. Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.'"

cancel ×

94 comments

Lessons for others? (1)

G3ckoG33k (647276) | more than 2 years ago | (#37616562)

Welcome back.

Which are the lessons for others to learn?

Re:Lessons for others? (-1)

Anonymous Coward | more than 2 years ago | (#37616648)

Linux is defective by design, duh!

Re:Lessons for others? (1)

kthreadd (1558445) | more than 2 years ago | (#37617090)

Linux is defective by design, duh!

No, not really. Linux itself was not responsible for the incident so that would be inaccurate leasson to learn. The leasson would rather be that it doesn't matter how strong a door is if you leave the key on a bar.

Re:Lessons for others? (-1)

Anonymous Coward | more than 2 years ago | (#37618382)

Fucking learn how to spell you dumb cunt. I'm really sick of moron Slashtards who can't even spell on the 3rd grade level. You're a fucking retard and probably spend more time listening than talking. Shitball dickwad.

Re:Lessons for others? (1)

mug funky (910186) | more than 2 years ago | (#37619730)

spend more time listening than talking.

please.

Re:Lessons for others? (1)

galanom (1021665) | more than 2 years ago | (#37621208)

You've never been to YouTube, right?

Re:Lessons for others? (1)

Anonymous Coward | more than 2 years ago | (#37616846)

From TFA: "We will be writing up a report on the incident in the future."

Re:Lessons for others? (0)

somersault (912633) | more than 2 years ago | (#37617596)

From what I've seen in kernel hacking documentation and tutorials so far, that means "we're probably not going to get around to telling you what happened"..

Re:Lessons for others? (1)

mug funky (910186) | more than 2 years ago | (#37619756)

wtf are you talking about? you think the kernel.org admins write all the documentation for all of linux?

Re:Lessons for others? (1)

somersault (912633) | more than 2 years ago | (#37623592)

I don't think the two are necessarily mutually exclusive, but it was mostly just a joke. The kernel's APIs change quite regularly, and things like the Linux Kernel Module Programming Guide haven't been updated to reflect 3.0.0 yet. Programmers are notorious for enjoying coding, but forgetting to do documentation (myself included).

Re:Lessons for others? (1)

Hummdis (1337219) | more than 2 years ago | (#37616852)

An article on Ars Technia [arstechnica.com] stated that:

"The intrusion was reported to kernel.org users earlier this week by site administrator John Hawley. The attack is believed to have occurred on August 12 but wasn't detected until August 28. The attack vector isn't known for certain, but it is thought that the attacker somehow obtained a legitimate user's login credentials and then exploited an unknown privilege escalation vulnerability. The attack was discovered when an Xnest error message was found in the system logs on a server that did not have Xnest installed."

Re:Lessons for others? (4, Informative)

diegocg (1680514) | more than 2 years ago | (#37616914)

"The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated. As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusions. Here are some helpful hints as proposed by a number of developers on how to check to see if your Linux machine might be infected with something" [gmane.org]

Re:Lessons for others? (0)

microbee (682094) | more than 2 years ago | (#37617962)

One person in my company had account on kernel.org. He then found out his laptop was compromised, which meant that our company's VPN access was also compromised. The company had to do a whole lot of security auditing.

Re:Lessons for others? (0)

Lunix Nutcase (1092239) | more than 2 years ago | (#37617020)

It means there are probably quite a few rooted Linux boxes out there and the users don't realize it because they bought into hype that their computer had impenetrable security.

Re:Lessons for others? (1)

Runaway1956 (1322357) | more than 2 years ago | (#37617176)

I don't think that there is a *nix user anywhere, outside of Apple Phanbois, who think their system is "impenetrable". The common wisdom is, our security is superior to Window's security, but that doesn't translate to "impenetrable".

Re:Lessons for others? (1)

Lunix Nutcase (1092239) | more than 2 years ago | (#37617274)

All it takes is a simple google search to find numerous claims of Linux being impenetrable. It doesn't matter the claims are wrong, but the claims have been made by write a few people.

Re:Lessons for others? (1)

mug funky (910186) | more than 2 years ago | (#37619796)

searchreplace "linux" for "OSX" and watch the google hits increase.

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37698692)

i hereby claim that my dick is bigger than yours. are you going to believe that? its written on the internet so it must be true

Re:Lessons for others? (1)

bonch (38532) | more than 2 years ago | (#37617448)

Such claims have been made about Linux since the creation of this website. The "Apple Phanbois" you refer to are actually a rarity in practice.

Re:Lessons for others? (1)

Microlith (54737) | more than 2 years ago | (#37617926)

The people here who make that claim about Linux are occasional, but by no means representative of the site. Many major Apple focused forums do believe in the impenetrability of OS X as gospel, they are simply rare here.

Re:Lessons for others? (1)

DaVince21 (1342819) | more than 2 years ago | (#37624670)

Not really. I've seen both kinds of people IRL. Both are wrong, of course.

Re:Lessons for others? (1, Troll)

LordLimecat (1103839) | more than 2 years ago | (#37618294)

The common wisdom is, our security is superior to Window's security,

And on what do you base that assumption? Because scores of users get pwned by Acrobat and Java exploits, but it just happens to be hitting windows machines?

I have never seen any credible proof that your common Linux server distros (RedHat, CentOS, Debian) are more secure out of the box than Windows Server 2003 or 2008-- and I have seen a LOT to suggest that 2008 (and Win7) are more secure than their *nix counterparts.

I really dont want to start a flamewar on this (though I probably just did), but its ridiculous to continue acting like this is 1995 and Windows is the piece of garbage it once was. Since NT, the filesystem security is better than your most common *nix variants (more granularity, more specificity). Since XP, the system has mechanisms to detect filesystem tampering and to repair it (SFC). Since XP SP3, it comes with a deny-all firewall built in and supports DEP. Since Vista, everyone runs as least-privileged, the browser is sandboxed, the RAM is ASLR'd, the kernel refuses unsigned patches / hooking, and the firewall has been upgraded to something that is on par with iptables. And since 7 x64, all drivers require a digital signature.

A great many of those features came much later in Linux and OSX, and some are STILL lacking (due to fears about centralization, potential for abuse, etc-- valid reasons, but still resulting in lesser security). As it is now, for the most part, there is no appreciable difference between the security of Linux and that of Windows, and I defy anyone to provide a compelling argument to the contrary.

Re:Lessons for others? (1)

0123456 (636235) | more than 2 years ago | (#37618462)

It's true. Windows is more secure than Linux so long as you never turn the machine on.

Re:Lessons for others? (2)

Runaway1956 (1322357) | more than 2 years ago | (#37618852)

Least privileged users? On Win7? *chuckles*

On all Linux distros, you actually have to type a password to get root status. On Windows, you still only have to click a box to make it go away.

You make a good point with Adobe and Java. But, more of us on Linux are using more alternatives to the most common Adobe and Java products. Some have similar vulnerabilities, while other have different vulnerabilities, while others simply lack the vulnerable features.

But, it all comes down to computer savvy, in the end. And, Windows has courted the ignorant since day one. Make it simple, make it convenient, make it foolproof, but let the fools play with it. Linux? It attracts the geeks, the nerds, the paranoid. We don't need or want convenient. We need, and want, a system that we can control, not a system that Bill Gates and company thinks we should like.

As for Linux being "less secure", well, I insist that we measure the incidence of penetrations. And, when we start measuring, you have to include all those home users who just click through all their antivirus and system warnings. "Warning: The application you are installing is a disguise for the worst worm that has ever been encountered! Do you wish to continue?" The user just clicks, "Yes". Yep, you gotta count him, 'cause he's a Windows user!

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37619048)

couldn't get past the second sentence... ALL linux distros?

The #1 Linux distro, Ubuntu, does not have a root password set at all. Just use sudo

Do you even use Linux?

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37619310)

Yes, you have to type your own password to use sudo, hence the statement is true.

your root password can't get guessed if there isn't one.

Re:Lessons for others? (1)

knuthin (2255242) | more than 2 years ago | (#37622962)

There is one, but it is locked. You can reset it however. Using "sudo passwd" or "sudo -i". Since you have rights to execute sudo, you can easily set the root password ;)

Re:Lessons for others? (1)

ancienthart (924862) | more than 2 years ago | (#37624012)

couldn't get past the second sentence... ALL linux distros?

The #1 Linux distro, Ubuntu, does not have a root password set at all. Just use sudo

Do you even use Linux?

sudo requires you to enter a password from an account that has been given admin priviliges.
So instead of giving every admin access to the same root password, each admin gets their own password.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37629040)

Yes, because windows doesnt have that. Oh wait, it does, its called UAC (GUI) and runas (CLI-- and Ill note that this has been around for absolutely ages).

There IS no "root password" on windows-- as in linux, there are passwords for various accounts with varying privileges. Obviously there is a "default" admin, which is called root on linux / unix, and administrator on windows, but on each system is changeable.

Its like 90% of the people comparing windows to linux have either not used windows, or not used linux. Come on guys, this is basic stuff.

Re:Lessons for others? (1)

ancienthart (924862) | more than 2 years ago | (#37647316)

If the default option for a security system is to not enable it (accounts are created with broad, rather than limited permissions) - guess what 90% of users will do. (And yes, I'm aware this has changed in later versions of Microsoft, but that's like a child-care worker expecting praise for saying "Oh, we don't let the kids play out on the highway ... now.)

Much like the security questions horror in Vista, Microsoft mixes middling to brilliant software engineering, with bloody awful social engineering. And keep in mind this comes from a Linux user. :D

Re:Lessons for others? (1)

crutchy (1949900) | more than 2 years ago | (#37698746)

by default in a debian installation i don't even have access to sudo. i can use "su" and type the root password. there used to be an option during the installation to select either use of sudo or su, but the squeeze installer doesn't include the option and automatically sets the use of su. then after i install i configure the wheel group [http://www.linuxsecurity.com/resource_files/host_security/securing-debian-howto/ap-checklist.en.html] so that only my own local login can access su.

i use win7 at work and we've had three office-wide viruses this year alone. there is no security by default.

Time to unpick a nitpick... apk (0)

Anonymous Coward | more than 2 years ago | (#37619280)

On all Linux distros, you actually have to type a password to get root status. On Windows, you still only have to click a box to make it go away." - by Runaway1956 (1322357) on Wednesday October 05, @06:46PM (#37618852) Homepage

That's very easy to make just like any *NIX though, with 1-2 registry settings &/or 1-2 clicks in GPEDIT.MSC (group policy editor)..., ala:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account

Audit:

Alternatively, execute the following to determine if the system is configured as recommended:

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v FilterAdministratorToken

Either use reg commands to insert it, or regedit.exe to manually examine it & edit it.

* I have it set so that even I, an admin group user & along with ALL others, even the renamed ADMINISTRATOR account I have here, MUST not only click that 1 button you note, but, They & I have to press CTRL+ALT+DEL, & login with my username to use (I can use mine, admin level - default here's blank by the by), AND password.

(It's actually more stringent than Linux is, & I used KUbuntu 10x series for a good portion of last year nearly exclusively too)

APK

P.S.=> It's also actually a part of good security for installations imo, mostly (but, knowing what's ok to install & not ok is the big thing, & I don't believe MOST users are that saavy or care, so they install whatever they need (or think/are misled to believe they need))...

... apk

Good one to do along with the above... apk (0)

Anonymous Coward | more than 2 years ago | (#37619426)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (do "prompt for credentials")

& to check it

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin

Those are also good to team with what I wrote above, because it even extends to higher level admin accounts especially & also... so does this one:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode

(SET THIS TO ENABLED TO MAKE EVEN ADMINS HAVE TO PRESS BUTTON, DO CTRL+ALT+DEL, & ENTER PASSWORD & USERNAME FOR MOST ALL THINGS DOING THIS ALONE!)

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA

THIS CONTROLS IT FOR STD. USERS:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users

(Again, set it to "prompt for credentials")

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorUser

The reg commands just check the policy db for security to see if they took or not...

THIS CONTROLS IT FOR INSTALLATIONS BY USERS (if you allow it for their priv.level of course):

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation

(" same, same" - set for prompt for credentials)

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection

(The latter, again, just does a double check on if it took or not in the secpol.db)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations

(" same, same" - set for prompt for credentials)

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableSecureUIAPaths

(The latter, again, just does a double check on if it took or not in the secpol.db)

APK

P.S.=> Whew, but that'll do it, & even for admin/root users types on Windows modern variants via registry hacks &/or group policies edits... apk

Whoops: 1 more excellent step... apk (0)

Anonymous Coward | more than 2 years ago | (#37619518)

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation

(THE ABOVE SETS IT ENABLED IN THE SECURITY POLICY DATABASE... the below checks it (as per usual from my other posts)).

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop

APK

P.S.=> There you go - NOW, finally, it's complete as to group policies you can set on ANY KIND OF USER (including admins/root users on Windows), as to having to be "more *NIX-like than any *NIX probably is", as far as this kind of level of security & granularity for it quite possibly, as well as steps needed to go thru while attempting to use higher level priveleges or accessing protected tools &/or areas of the OS/System, period... once you set it this way @ least!

... apk

Re:Whoops: 1 more excellent step... apk (0)

Anonymous Coward | more than 2 years ago | (#37623974)

I've always suspected Windows being detrimental to mental health but dude, I had NO idea!

I hope sharing your twisted braindumps with us helps you get better. /hugz

It corrects 4 Runaway1956 (0)

Anonymous Coward | more than 2 years ago | (#37624080)

And, sets him straight, vs. what's quoted from him in my init. reply: I.E.-> The 6++ settings I posted for use in gpedit.msc (Microsoft Group Policy Mgt. Tools) can make Windows just like Linux would when attempting to access system level functions or files, &/or higher priveleges. Heck, moreso... quite a bit more "strict" in fact.

No questions asked.

Via a more overall strict (spelled sideways, pain-in-the-ass more steps to take) process... just like *NIX, heck again, even moreso.

Additionally - Heh, it's no twisted braindump as you called it - it IS what YOU YOURSELF CAN DO, just to make Windows just like a *NIX, & moreso in terms of security than *NIX's usually are in fact, and it can 'fix' what Runaway1956 complained of (this fixes it, no questions asked - I do it myself & ANY user of my systems in fact, even instatllation system user entities/services!)

* Nice part is, it's easy to do - all the tools are in 1 spot basically on an item treelist... MS' mgt. tools are easy to work with too.

APK

P.S.=> All the adhominem attacks based on being the "wannabe PhD in the Psychiatric sciencs" as the "SiDeWaLk-ShriNk of /." on you part, what with you being minus:

---

1.) PhD in Psychiatry

2.) Years-to-decades of professional practice

3.) A license to practice it

4.) A formal examination of myself as to my mental condition & in a professional environs on your part

---

All that doesn't make you some credible judge of another that's worth listening to regarding another's mental state/condition, period!

So, in the end/bottom-line:

What I can't figure out is, is why for the life of me you spend time anonymous coward reply off topic illogical adhominem style attack trolling & stalking me around here, lol!

(Don't you have a life &/or better more important things to do with your life?? Nearly every post I make has your "StRaNgE-OnLiNe-StaLKeRy" in it, lol)...

... apk

Re:It corrects 4 Runaway1956 (1)

Runaway1956 (1322357) | more than 2 years ago | (#37625404)

Holy smokes, AC - you're just a little bit above my head with some of that. I'll have to actually do it all, and see.

And, I have to admit that when and where strict discipline is required, Windows can indeed be pretty danged secure. The military uses Windows all over the place, and it's pretty secure. But - then again - I'm reminded of Great Britain's "Windows for Subs" fiasco, in which the machines were overwhelmed by viruses and malware. I never did stumble across the details of that mess, but I would have assumed that THEY were subject to strict discipline!

Just letting U know, it's doable (& how) (0)

Anonymous Coward | more than 2 years ago | (#37625960)

1st, I'd suggest just trying the 6++ settings I noted on a Windows 7 desktop for starters (do look them up to, so you can verify what I stated as to each one also - to be safe(r), of course!)

Then? Well - you'll see I am "telling it how it is" (for each)...:

"Holy smokes, AC - you're just a little bit above my head with some of that. I'll have to actually do it all, and see." - by Runaway1956 (1322357) on Thursday October 06, @10:13AM (#37625404) Homepage

Trust me, using gpedit.msc? It's a LOT SIMPLER THAN WHAT IT LOOK LIKE (per what I wrote)... by far!

Again - &, I actually USE it that way in fact, where ANY/EVERY user, including admins like myself, HAVE to do more than "click a button" to do various system level or higher priv. things!

(That was a result of my recently taking the newest CIS Tool test (4 Win7/Srv2k8)).

I wrote the folks for the CIS Tool for Windows 7/Server 2008 security test, they gave me a trial model I scored 94% on, actually higher & submitted some findings/thoughts to the folks that created it that they will find useful (the tests' pretty highly esteemed, better than MS' "Baseline Security Advisor" in many ways, imo @ least))

* Those 6-7 settings I put up definitely WILL make it like a *NIX setup, security-wise, on using higher privelege items (&/or protected areas + processes in the system, like installs, etc./et al) where the user HAS to "sign in/log in" WITH PROPER CREDENTIALS to do anything higher privelege related, & even on installs (perhaps the MOST important one to secure, to stop unseen ones, or help, moreso here).

---

"And, I have to admit that when and where strict discipline is required" - by Runaway1956 (1322357) on Thursday October 06, @10:13AM (#37625404) Homepage

It is, along with user-education (so they too can understand WHAT to avoid & why)... because of settings like those & some guides I did over time since 1997 for securing Windows:

http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Search [google.com]

Shows myself, and yes, others, not showing infestations for years to decades++ (myself since 1996 in fact), via implementing tests like CIS Tool (that make it actual FUN TO DO no less, like a benchmark of computer security really in a way) & other measures in "defense-in-depth"/"layered-security" fashion (the best thing we have going today really).

---

"Windows can indeed be pretty danged secure." - by Runaway1956 (1322357) on Thursday October 06, @10:13AM (#37625404) Homepage

Absolutely & testimonials from the guides links I've been doing for Windows users since 1997 show it too!

Also, MOST of what hits Windows now, & especially since it's the "most used" by far, overall?

3rd party app problems like JAVA, &/or Adobe Flash/Acrobat Reader issues... ala/e.g.:

---

Java, Adobe vulns blamed for Windows malware mayhem - Five products hit in 99.8% of hacks: By John Leyden, Posted in Security, 28th September 2011 07:31 GMT

http://www.theregister.co.uk/2011/09/28/window_malware_infection_exposed/ [theregister.co.uk]

---

And, those exploits? They could be foisted upon other OS' too, just like javascript exploits due to faulty DOM could be also...

"The military uses Windows all over the place, and it's pretty secure." - by Runaway1956 (1322357) on Thursday October 06, @10:13AM (#37625404) Homepage

The versions the U.S. Military @ least, gets are "security-hardened" too, & have gotten them that way, since 2004... not SURE if they're as security-hardened as guides I put up links to here can be, but they are nonetheless, enhanced.

---

"But - then again - I'm reminded of Great Britain's "Windows for Subs" fiasco, in which the machines were overwhelmed by viruses and malware. I never did stumble across the details of that mess, but I would have assumed that THEY were subject to strict discipline!" - by Runaway1956 (1322357) on Thursday October 06, @10:13AM (#37625404) Homepage

Heh - on THIS one, & I had a debate on (I won it easily) with a former JAVA professor of mine in fact, a former U.S. Navy coder no less, circa 2009 (I go back to school for coursework periodically in the computer sciences even though I have MIS & CS degrees (majors & minors on them too)).:

He was saying how "object orientation provides security in code via 'private/protected' etc."

I told him

"That's nice - but it doesn't MATTER vs. a rootkit type ring 0/rpl 0 process in say a rootkit, because drivers are typically used & MUST BE ABLE TO SEE INTO ANY PROCESS, COMPLETELY, & in fact, naval concerns have been compromised thus..."

Which is how, in fact, the submarine problem described by yourself was implemented in fact... & ALL THE OO PROGRAMMING IN THE WORLD IS NO PROTECTION vs. THAT TYPE OF ATTACK... period.

He said "I think you may be right"...

Heh, no QUESTION I am/was right - mainly because it's why keyboards & mice work right (or any device driven hardware) & how they actually WORK, via drivers, & why (every ring3/rpl 3 process & their content's visible to their drivers... same with rootkit drivers too!).

* MIND YOU - That could & WOULD happen on ANY OS, given that style of attack via drivers/rootkits, etc..

APK

P.S.=> Anyhow/anyways - In fact, because I used KUbuntu 10.04-10, & for a LARGE part of 2010? You'll, like myself, actually will probably find it to be more of a "pain in the behind" (but more secure) than Linux is even in this regards, just by using those 6++ settings, as described (again, do look them up to, so you can verify what I stated as to each one), but, JUST AS DOABLE (if not moreso in terms of how "strict/stringent" you can make it in fact)... apk

Re:It corrects 4 Runaway1956 (0)

Anonymous Coward | more than 2 years ago | (#37698774)

wow, so you're saying users should try to make windows more like linux to be secure.

and i thought all that registry crap that no average user would have a clue how to implement was just some kind of wierd geek joke that i didn't get.

do you have an actual mental condition or are you just incapable of saying things like a normal person? at least someone with a mental problem would have an excuse. you totally suck at making sense dude. much of your jibberish is all but incomprehensible.

try posting just one comment with no bolding, ellipses, acronyms, alternating capitals, commas in weird places, colons, double line spacing, etc.

you will have more of a chance of getting your point across as readers may be able to understand what your saying. when we can understand you, then we can make a better go of working out whether we agree with you or not.

no offense but at the moment you just seem like a retard

It's not "registry crap" (easier than that) (0)

Anonymous Coward | more than 2 years ago | (#37700628)

Via gpedit.msc (Group Policy Editor), and it's as simple to use as Explorer.exe/MyComputer is, especially since I put the tree item paths out that are needed, step-by-step.

IF FOLLOWING SIMPLE DIRECTIONS IS "TOO MUCH FOR YOU"? YOU HAVE ISSUES!

Now, as far as this quoted next below from you, especially after I just explained how simple & easy gpedit.msc is to use:

"do you have an actual mental condition" - by Anonymous Coward on Thursday October 13, @03:03AM (#37698774)

Do you have some mental condition that makes using easy to use software that Windows provides a "major chore" for you? If so, reconsider using computers at all on your part & I'll let YOU say what I am thinking in regards to yourself, after that little rant of yours, by requoting you again:

"no offense but at the moment you just seem like a retard" - by Anonymous Coward on Thursday October 13, @03:03AM (#37698774)

Read the above, & speak for yourself (you just did basically, & that's exactly what I think of you to be blunt about it! You can't follow directions, obviously!)

APK

P.S.=> I state that last part, simply because anyone that is unable to use gpedit.msc, with pathways thru it given to they as I did for yourself & others, lol, is pretty damned stupid - especially after the pathways through it were explained by myself, in detail!... apk

Learn to write (Mr. Pot calling a kettle black) (0)

Anonymous Coward | more than 2 years ago | (#37761128)

Sentences begin with capital letters, you illiterate dolt:

"wow, so you're saying users should try to make windows more like linux to be secure." - by Anonymous Coward on Thursday October 13, @03:03AM (#37698774)

That's a grammatical error right there quoted above from your first sentence, and you continue it all through your reply in fact, repeatedly and rampantly: Clue/Newsflash/new news: SENTENCES DO NOT BEGIN WITH LOWERCASE LETTERS!

---

"and i thought all that registry crap that no average user would have a clue how to implement was just some kind of wierd geek joke that i didn't get.." - by Anonymous Coward on Thursday October 13, @03:03AM (#37698774)

Your second sentence further compounds your errors, and also shows more grammatical errors on your part: Sentences do not begin with conjunctions like "and" (additionally as per your usual, you also started a new sentence without using a capital letter as well - double fail!).

APK

P.S.=> So, who's the "retard" here, Mr. wannabe grammar-nazi? You try to toss writing error problems my way on how I posted, but I use proper english writing rules, whereas yourself? Well, see above... lol!

... apk

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37619606)

Least privileged users? On Win7? *chuckles*

On all Linux distros, you actually have to type a password to get root status. On Windows, you still only have to click a box to make it go away.

But that is still by choice, on both accounts. On my Windows 7 I actually need to type in a password (or put my smartcard on top of my rfid reader) before I'm allowed to gain admin privileges.

You're ignoring the fact that Windows is by definition aimed at end-users whereas Linux is not.

And of course; if we're talking servers the picture becomes completely different once again.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37621140)

On all Linux distros, you actually have to type a password to get root status. On Windows, you still only have to click a box to make it go away.

Were that universally true, it would be irrelevant. You nevertheless run as an unprivileged user in Windows 7, and your snarky comment doesnt change that. Until you click allow, the a program may not execute anything with full admin privileges.

As for Linux being "less secure", well, I insist that we measure the incidence of penetrations.

I was hoping to compare privilege escalation bugs or a similar category, Server2008 vs a recent kernel, but its quite tricky A) finding usable lists, and B) comparing a full suite (server2008 standard) to a stripped down linux server install (why not compare to 2008 core?).
But I did find this [wikipedia.org] ...I see a few Windows hacks on there, and an astonishing number of hacks on things like OpenSSL, SSH, RedHat, etc. Saying hands-down WinServer gets hacked more is ignorant; I would hazard that there is a greater incidence of intrusions on Linux servers than on comparable (year-wise) Windows installs (that is, not comparing kernel 2.6.39 to Windows NT4).

If you are referring to windows malware, that is utterly irrelevant. There is an article on slashdot earlier discussing where malware installs come from, and the upshot is that at LEAST 87% of those installs are technically doable on OSX and Linux-- they exploit cross-platform plugins. And when you look at Pwn2Own [slashdot.org] , where year after year OSX (a *nix derivative) is the first to fall, it kind of puts a damper on the whole "lol windows security sucks" mentality.

If theres anythign to take from all of this, its that relying on your platform in this day and age for security is brain-dead. All of the major platforms have comparable security features, and all sport built-in firewalls. Vulnerabilities these days overwhelmingly come from 3rd party services (Browser plugins, SSH, OpenSSL, LDAP), not the core OS, and from misconfiguration (including bad passwords). Basically, if anyone starts spouting off about how X infections are because Y operating system sucks, you know that person has absolutely no idea what theyre talking about, and should not be trusted to secure any system.

Re:Lessons for others? (1)

drinkypoo (153816) | more than 2 years ago | (#37624396)

On all Linux distros, you actually have to type a password to get root status.

Only once. Then you can mess with the pam configs and just have it grant you access. I don't do this, mind you. About the only time I've messed with my pam configs was to enable local login for an account for which I wanted remote passworded login.

Re:Lessons for others? (1)

next_ghost (1868792) | more than 2 years ago | (#37619928)

Since Vista, everyone runs as least-privileged,

Sorry but I don't believe that for a second. Because I've actually been down that road with XP. I can lock NT-based Windows down almost as much as any UNIX system is locked down by default. But the problem is that when you really do that, you throw a HUGE pile of software out of the window. Software that wants to write to its Program Files directory, software that wants to write to HKEY_LOCAL_MACHINE branch of registry or even worse, software that wants to write to Windows directory itself. Sure, all of that software was written by idiots but home users will rather give up security than that software. And Microsoft knows that. That's why UAC and other fancy "security" features of Vista/7 don't go anywhere near where they actually have to in order to improve security.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37620954)

Sorry but I don't believe that for a second. Because I've actually been down that road with XP. I can lock NT-based Windows down almost as much as any UNIX system is locked down by default. But the problem is that when you really do that, you throw a HUGE pile of software out of the window.

Sorry, but you clearly havent actually used Vista or 7. They dont ask you "would you like to run as least privilege?" in vista / 7; they force you into that. You have to do some tweaks to remove that policy (by turning off UAC).

Why do you think Vista was hated so much? Some of it was performance, but the big user gripe was the "allow or deny" prompts, which were due to dropped privileges.

And you clearly are unaware of all the junction points, registry virtualization, etc that was put into place to make such programs "just work" even without proper privileges-- for example, programs that try to store settings in %programfiles% will usually be redirected to a folder under %appdata%, transparently. Security is kept in tact, the program keeps on working.

Obviously you havent been paying attention to the slow shift towards not requiring admin privileges, which has been going on for about 4 years now.

Re:Lessons for others? (1)

Short Circuit (52384) | more than 2 years ago | (#37626558)

You don't know what you're talking about. Seriously.

Starting with Vista, users, even "Power Users" and "Administrators", run least-priviliged to start. For compatibility's sake, writes to %PROGRAMFILES% and friends are virttualized and shunted aside to a per-user store. To get code to run as an Administrator, you need to "Run As Administrator" the program itself, another process (such as cmd or Windows Explorer) tat then launches the program, or you have to code the application to request privilege elevation, which then triggers the UAC dialog.

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37621176)

Am-I the only one to notice how like Grub the actual bootloader looks like before the skin ? Or to notice that there is a /etc/hosts file even though linux compatibility is not enabled ? Or notice a hundred other points where Windows 7 looks like a skin put over the kernel and common userland tools ? I would certainly explains how they finally rolled out a product of "Quality".

Or am-I just being paranoid ?

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37621634)

Or am-I just being paranoid ?

Youre being ridiculous. You cannot address memory in windows as you can through the /dev interface on Linux-- the filesystem paradigm is utterly different. And the two kernel designs are utterly incompatible-- Linux sports a monolithic kernel, while Windows has a microkernel. The binary formats of executable data on each is totally different. Etc etc etc.

Or am I just being trolled?

Re:Lessons for others? (1)

galanom (1021665) | more than 2 years ago | (#37621232)

I used DOS for nearly 10 years and I've never been hacked!
Not even when I put a null-modem cable on the serial port!

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37622366)

I apologize. I am going to reveal a tried and true way to compromise any windows machine. ANY.

Open a zip file in Internet Explorer. Just did that today, and it executed the code. Norton didn't complain. I did reveal that it had been rooted, but no prevention.

My office mate did that, and I cleaned it up. I tried the same file on the backup server ( Server 2008, all updates, Norton Enterprise suite, updated ).
Infected. Had to quickly clean that up to:

OSs tested: Windows 7 Home. Windows Vista Home, Server 2003, Server 2008.

Run down of the security flaws:
1. DEP enabled in BIOS and OS.
"Since XP, the system has mechanisms to detect filesystem tampering and to repair it (SFC)."
Yep. It knew it was infected, but could not fix itself.
It does not know how to handle alternate streams, and secret security accounts.
It can only checksum OS files. Usless.

"Since XP SP3, it comes with a deny-all firewall built in"
The fire wall fell and the virus walked right around it.

"and supports DEP."
But is apparently easily comprimised. Did not get triggered on a single system.
Again. Useless.

"Since Vista, everyone runs as least-privileged,"
IE can elevate its privilege level, created secret accounts, and alternate file streams.
Not much you need to do after that.

"the browser is sandboxed,"
IE 8 was the first to fall. On the server the security prevents any outside site from being reached. Open a local zip file? no problem.

  "the RAM is ASLR'd,"
Yep. So was the private ram for IE. Didnt stop infection/rooted.
There are proven holes in this, as well as DEP.

The compelling argument can be summed up in one word: tripwire.
SFC is no tripwire.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37629212)

Open a zip file in Internet Explorer. Just did that today, and it executed the code.

I open zip-files from browsers of all shades all the time, and it never automatically executes any content. Possibly you have a crappy, bug-ridden archive handler?

Norton didn't complain. I did reveal that it had been rooted, but no prevention.

Add that to the list of problems you need to address-- norton is a pile of garbage, and doesnt reflect well on the state of your computer if you have that installed. It is known to do all sorts of bizarre things. Honestly, its possible that the exploit you experienced-- if legitimate-- was targetted at norton and exploited the way norton performs its scanning.

If you must use an antivirus, use Microsoft Security Essentials-- there are other good free AVs, but MS's is the only one which has been basically trouble-free over the last 2 years (Avast now causes bluescreens, grrrr).

"Since XP SP3, it comes with a deny-all firewall built in"
The fire wall fell and the virus walked right around it.

Im going to say this as kindly as I can-- the above comment indicates you dont understand what each of those defenses are for. Viruses often enough do not need to contend with ASLR, DEP, or a firewall, because technically their execution was requested by the user (or at least, content was requested, and said content exploited a plugin flaw).

Each and every year, Mac OSX is exploited before the windows computer in Pwn2Own; its not because Windows is superior, its because most of the OSes share the same types of defense, which still cannot protect against buggy, unsupported 3rd party crapware.

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37622582)

When al it takes is just a sigle line of code that makes the system vulnerable, do all this arguments really worth the time?

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37623524)

I don't want to start a war either but the earth is flat. I've seen a LOT of evidence proving this.

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37623680)

Fortunately, it's really easy to test. We do it on our honeypot network every time a major release comes out.

1 Buy two identical cheap machines from ebay (or use VMs)
2 Install CentOS on one, don't run updates
3 Install WIndows Server on the other, don't run updates
4 Hook them directly to the intertubes
5 Start counting

Now you might say that the Windows machine gets pwned almost immediately because there's more malware out there targeting it, but I don't care: either security through obscurity _is_ security or the Windows machine is less secure.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37629238)

ow you might say that the Windows machine gets pwned almost immediately because there's more malware out there targeting it,

Actually, the WIndows server will never get owned, because out of the box (at least on SBS installs) the firewall rejects all traffic.

So really, your entire statement falls to pieces.

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37629284)

By the way, if anyone doubts this, I would happily take them up on some challenge with VMs, or physical machines. There could even be some stakes, if you desired, though it wouldnt matter-- neither the CentOS box nor the Windows Server box will EVER be hacked except A) by a bruteforcing of the password (assuming you havent set lockout policies up), or B) by enabling services and allowing traffic through the firewall.

Otherwise, iptables / windows firewall would make any such attempts futile.

Re:Lessons for others? (1)

Jonner (189691) | more than 2 years ago | (#37617286)

It means there are probably quite a few rooted Linux boxes out there and the users don't realize it because they bought into hype that their computer had impenetrable security.

So how does that explain the far greater number of compromised Windows boxes? It's unlikely their owners thought they had impenetrable security. Compromised machines exist because people take foolish risks and aren't vigilant for malware either out of ignorance or apathy regardless of OS. The average user is still much safer running any non-Windows OS, though they shouldn't be complacent.

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37617544)

If you value security, you should *NOT* use Linux.

Both Windows and OS X have better security track records than any linux distribution.

Re:Lessons for others? (1)

somersault (912633) | more than 2 years ago | (#37617748)

[citation needed]

Re:Lessons for others? (0)

Anonymous Coward | more than 2 years ago | (#37618014)

Sure: kernel.org

When was the last time Microsoft.com or apple.com got hacked? Seriously, if you
value security, then you should be using windows.

Re:Lessons for others? (1)

F.Ultra (1673484) | more than 2 years ago | (#37618284)

Yeah, nobody stole the Windows 2000 source code now did they?

Re:Lessons for others? (1)

LordLimecat (1103839) | more than 2 years ago | (#37618328)

Microsoft.com WAS hacked once, I think it just resulted in a jpg upload though.

However, thats not a fair comparison, given that Microsoft has a huge budget for a dedicated IT team, which makes far more difference in security than the OS you happen to use.

Re:Lessons for others? (1)

Rysc (136391) | more than 2 years ago | (#37624940)

Microsoft is also not likely to disclose every security breach; they gain nothing by doing so and it harms their image.

Re:Lessons for others? (1)

DaVince21 (1342819) | more than 2 years ago | (#37625968)

Have you ever heard of Git, and why it pretty much prevented the actual kernel from being compromised?

Re:Lessons for others? (1)

DaVince21 (1342819) | more than 2 years ago | (#37625936)

You *really* should not use any of them if you actually value security. There are actual OSes (and I guess distros, to an extent) that put security before anything else. Windows, most Linux distros and OSX certainly aren't.

Re:Lessons for others? (1)

Eil (82413) | more than 2 years ago | (#37621600)

Which are the lessons for others to learn?

Purchase and install a good antivirus solution.

Maybe they should switch to OpenBSD... (0)

Anonymous Coward | more than 2 years ago | (#37616696)

No security breaches, after all.

Re:Maybe they should switch to OpenBSD... (0)

Anonymous Coward | more than 2 years ago | (#37616742)

Hmm.. but that would create a lack of confidence in their product. Imagine if Windows used Linux or BSD to host Bing.

Re:Maybe they should switch to OpenBSD... (0)

Anonymous Coward | more than 2 years ago | (#37616800)

There's precedent. Back in '03 there was a lot of publicity about Microsoft using Linux to publish their own website, via Akamai.

Re:Maybe they should switch to OpenBSD... (1)

Eunuchswear (210685) | more than 2 years ago | (#37617436)

woosh...

Re:Maybe they should switch to OpenBSD... (1)

bonch (38532) | more than 2 years ago | (#37617454)

"Lot of publicity" = snarky comments on Slashdot

Re:Maybe they should switch to OpenBSD... (1, Troll)

kthreadd (1558445) | more than 2 years ago | (#37617164)

Last time I checked Apple runs their stuff on Windows Azure so maybe Kernel.org should do the same. I mean, Kernel.org have been hacked what now, two or three times? How many times have Windows Azure been hacked? Zero. So, just by looking at statistics moving to that platform could be a good move.

I mean, since we just went odd-version and have the Visual Basic rewrite [lkml.org] imminent, being open towards new hosting platforms should be an option.

Re:Maybe they should switch to OpenBSD... (0)

Anonymous Coward | more than 2 years ago | (#37622290)

The irony here is that some of the openbsd stuff is hosted on solaris. It's more to do with resources donated to the project than any misgivings, but still ...

They should have used IIS. (-1)

Anonymous Coward | more than 2 years ago | (#37616728)

I wonder why anyone bothers with Apache anymore. Its like every other day some random apache web box is rooted.

slashdotted? (0)

Anonymous Coward | more than 2 years ago | (#37616906)

linux-omap-2.6$ git pull
fatal: The remote end hung up unexpectedly

Ha! Ha! (-1)

Anonymous Coward | more than 2 years ago | (#37616922)

HA! HA! n00bs got r00ted.

clicked on download 3.0.4 (0)

Anonymous Coward | more than 2 years ago | (#37616974)

Not Found
The requested URL /pub/linux/kernel/v3.0/linux-3.0.4.tar.bz2 was not found on this server.

In the process of getting up?

Re:clicked on download 3.0.4 (1)

davek (18465) | more than 2 years ago | (#37617118)

Not Found
The requested URL /pub/linux/kernel/v3.0/linux-3.0.4.tar.bz2 was not found on this server.

In the process of getting up?

For some reason the links on the homepage appear to be broken.

You can still browse to the repos by going to http://git.kernel.org/ [kernel.org]

Bugzilla (3)

diego.viola (1104521) | more than 2 years ago | (#37617122)

when is bugzilla.kernel.org coming back as well?

Re:Bugzilla (1)

Eunuchswear (210685) | more than 2 years ago | (#37617470)

MOD THIS UP11!!!!

Git documentation lives! (1)

RobNich (85522) | more than 2 years ago | (#37617156)

Yay! I spent the last two weeks learning git, and Google kept pointing me to kernel.org for the documentation. Having the site actually up will be nice, although I've already learned everything possible about Git!

Re:Git documentation lives! (1)

Jonner (189691) | more than 2 years ago | (#37617318)

Yay! I spent the last two weeks learning git, and Google kept pointing me to kernel.org for the documentation. Having the site actually up will be nice, although I've already learned everything possible about Git!

Perhaps you should have used the git project's actual site [git-scm.com] .

Re:Git documentation lives! (1)

RobNich (85522) | more than 2 years ago | (#37625956)

I would have if it had matching documentation, but according to Google [google.com] , it doesn't.

Re:Git documentation lives! (2)

folderol (1965326) | more than 2 years ago | (#37617790)

If your name is not Linus Torvalds you haven't learned everything possible about Git!

Re:Git documentation lives! (2)

Jappus (1177563) | more than 2 years ago | (#37623316)

And if your name is Linus Torvalds, you don't have to learn everything possible about Git, as you can just decree whatever you think is right as being right.

Obligatory :) (-1)

Anonymous Coward | more than 2 years ago | (#37617180)

Does it run Linux?

Re:Obligatory :) (0)

Anonymous Coward | more than 2 years ago | (#37617384)

No, does it blend?

Android source (0)

Anonymous Coward | more than 2 years ago | (#37617438)

Looking forward to android.git.kernel.org being back up.. since there are no official mirrors.

the tarballs are still unavailable (0)

Anonymous Coward | more than 2 years ago | (#37617678)

So's FTP link at the top.
Meh...

TROLL ALERT (-1)

Anonymous Coward | more than 2 years ago | (#37620710)

MAYBE LINUX DEVELOPERS SHOULD RUN OPENBSD ON THEIR SERVERS TO BETTER PROTECT AGAINST THIS KIND OF PROBLEM

HTTP://OPENBSD.ORG, SECURE, BY DEFAULT

(Filter error: Don't use so many caps. It's like YELLING. attempt to bypass filter by using a bunch of lowercase asdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpjiasdfasfasf.qejfqpji)

404 Not found for most of the links on kernel.org (1)

sick_soul (794596) | more than 2 years ago | (#37623914)

sh-3.1$ wget http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.4 [kernel.org]
--2011-10-06 12:41:23-- http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.4 [kernel.org]
Resolving www.kernel.org... 149.20.4.69
Connecting to www.kernel.org|149.20.4.69|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2011-10-06 12:41:23 ERROR 404: Not Found.

Juicy Couture On Sale (0)

Anonymous Coward | more than 2 years ago | (#37661422)

Juicy Couture On Sale [juicycouture-sales.net] is really eye-catching additionally to the sexy style.

Still looking for 3.0.4 kernel tarballs, etcetera (1)

quarkscat (697644) | more than 2 years ago | (#37688012)

I'm still looking for the 3.0.4 linux kernel tarballs, etcetera. The kernel.org front page lists it, but it isn't available through the usual directory tree via HTTP -- 3.0 yes, 3.0.4 no. And I am one gearhead who actually looks through all the Changelogs. That said, I'm glad you're (kernel.org) back up on-line, well mostly ... ;)
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...