Critical kernel vulnerabilities by OS reported for 2014

Chat about Linux in general
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Locked
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Critical kernel vulnerabilities by OS reported for 2014

Post by mike acker »

I ran across this report purported to be from a "GFI" security company

my gut feel is it's msft propaganda,--
comments ?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
¡Viva la Resistencia!
User avatar
Pjotr
Level 23
Level 23
Posts: 19888
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Critical kernel vulnerabilities by OS reported for 2014

Post by Pjotr »

It's not necessarily propaganda, although rather sensationally communicated, which is a bit suspicious.

But it's always not just a matter of the vulnerability in itself ("an sich", as the Germans say); just as relevant is the question: how likely is it, that my particular system will be affected by this particular vulnerability?

In other words: what's the risk profile for me as, say, simple desktop user? Is it for instance maybe something I only really need to worry about when I run a server?

And even in case your risk profile is high, which is rather rarely the case in Linux: how likely is it, that a fix will be issued soon? What's the responsiveness of the security team of my distro?

So for the time being I'd say: no worries, mate. Over the years, I have seen so many FUD hypes so many times.... :)
http://en.wikipedia.org/wiki/Fear,_unce ... _and_doubt
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Critical kernel vulnerabilities by OS reported for 2014

Post by mike acker »

More Info : Techspot Report

excerpt
It’s worth mentioning that the remaining seven operating systems in the top 10 were all Microsoft products. Specifically, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8, Windows 8.1, Windows Vista and Windows RT – in that order. If you were to consolidate all of those into a single "Windows" category, then Microsoft would jump ahead of all others by a sizable margin.
the Techspot report seems a bit of a better report although in this case it would seem group indicating the totals by o/s category would have been appropriate
¡Viva la Resistencia!
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Critical kernel vulnerabilities by OS reported for 2014

Post by mike acker »

a Good Read on the State of Security All Around the Net Today:

All Around the Net Today

excerpt
As Ken Ammon, chief strategy officer at Xceedium and former president and founder of the security consulting firm NetSec, told Ars, "Hackers only have to be right once, and you have to be right all the time."

"The Internet still does a pretty good job getting packets around," said Ammon. "The question is whether the packets get there securely. It's not really designed for privacy or integrity—mostly resilience."
There are several elements to security I think need to be brought into the public consciousness,--
(1) the operating system needs to be secure;
(2) messages (transmittals) need to be authenticated, and at times secured;
(3) responsibility for authentication needs be shifted to local,-- individual, or corporate CSO.
(4) "apps" need greater isolation, -- names spaces, apparmor, that sort of thing;

Transmittals include software distributions, eMails, and financials.
¡Viva la Resistencia!
niowluka

Re: Critical kernel vulnerabilities by OS reported for 2014

Post by niowluka »

Pjotr wrote:But it's always not just a matter of the vulnerability in itself ("an sich", as the Germans say); just as relevant is the question: how likely is it, that my particular system will be affected by this particular vulnerability?

In other words: what's the risk profile for me as, say, simple desktop user? Is it for instance maybe something I only really need to worry about when I run a server?
Those are key questions. Vulnerability has to be realistically exploitable to present actual risk. Even the famous Shellshock presented practically no danger to Mint users, as most users do not run any services reachable from internet, and those who do, by default run them in dash, which was not affected.
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Critical kernel vulnerabilities by OS reported for 2014

Post by mike acker »

Schneier at his best -- really good essay on Privacy and Security
¡Viva la Resistencia!
Locked

Return to “Chat about Linux”