like Heartbleed the media clowns are yelling at Linux. and if you only read the headline that's the impression you'd get. but you'd be a bit off base: Linux was not the target.
the article goes on :
so it is the PHP/CMS that got hit rather than Linux.Mayhem was discovered in April this year and does not require a privilege escalation vulnerability - it does not have to run as the root super user - to work on Linux-based systems, or on FreeBSD servers.
Servers are infected through the execution of a hypertext preprocessor (PHP) script that establishes Mayhem on the victim computer and sets up a communications channel with a command and control server.
the same could happen to any browser -- just by installing a bad plug-in.
I like the MD5 signature applied to our ISO distributions. all software distributions need some type of authentications. even a simple 32-bit CRC would make hacking so much more difficult. pundits yell "MD5 has been hacked". yep. I read the description of what has to be done to do it and it ain't no easy job. the attacker would need to doctor up his attack to not only include his attack code -- and then also to produce a collision -- i.e. identical MD5 hash. there would have to be a lot of loot on the table before anyone would attempt it .
if we simply check the file size in addition to the MD5 or CRC the attack will again become much more difficult. and if we just go to (e.g.) SHA-256 it's gonna be Game Over (tee hee ) at least for the moment.