I ran across this report purported to be from a "GFI" security company
my gut feel is it's msft propaganda,--
comments ?
Critical kernel vulnerabilities by OS reported for 2014
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
-
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Critical kernel vulnerabilities by OS reported for 2014
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
¡Viva la Resistencia!
- Pjotr
- Level 24
- Posts: 20072
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: Critical kernel vulnerabilities by OS reported for 2014
It's not necessarily propaganda, although rather sensationally communicated, which is a bit suspicious.
But it's always not just a matter of the vulnerability in itself ("an sich", as the Germans say); just as relevant is the question: how likely is it, that my particular system will be affected by this particular vulnerability?
In other words: what's the risk profile for me as, say, simple desktop user? Is it for instance maybe something I only really need to worry about when I run a server?
And even in case your risk profile is high, which is rather rarely the case in Linux: how likely is it, that a fix will be issued soon? What's the responsiveness of the security team of my distro?
So for the time being I'd say: no worries, mate. Over the years, I have seen so many FUD hypes so many times....
http://en.wikipedia.org/wiki/Fear,_unce ... _and_doubt
But it's always not just a matter of the vulnerability in itself ("an sich", as the Germans say); just as relevant is the question: how likely is it, that my particular system will be affected by this particular vulnerability?
In other words: what's the risk profile for me as, say, simple desktop user? Is it for instance maybe something I only really need to worry about when I run a server?
And even in case your risk profile is high, which is rather rarely the case in Linux: how likely is it, that a fix will be issued soon? What's the responsiveness of the security team of my distro?
So for the time being I'd say: no worries, mate. Over the years, I have seen so many FUD hypes so many times....
http://en.wikipedia.org/wiki/Fear,_unce ... _and_doubt
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
-
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Re: Critical kernel vulnerabilities by OS reported for 2014
More Info : Techspot Report
excerpt
excerpt
the Techspot report seems a bit of a better report although in this case it would seem group indicating the totals by o/s category would have been appropriateIt’s worth mentioning that the remaining seven operating systems in the top 10 were all Microsoft products. Specifically, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8, Windows 8.1, Windows Vista and Windows RT – in that order. If you were to consolidate all of those into a single "Windows" category, then Microsoft would jump ahead of all others by a sizable margin.
¡Viva la Resistencia!
-
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Re: Critical kernel vulnerabilities by OS reported for 2014
a Good Read on the State of Security All Around the Net Today:
All Around the Net Today
excerpt
(1) the operating system needs to be secure;
(2) messages (transmittals) need to be authenticated, and at times secured;
(3) responsibility for authentication needs be shifted to local,-- individual, or corporate CSO.
(4) "apps" need greater isolation, -- names spaces, apparmor, that sort of thing;
Transmittals include software distributions, eMails, and financials.
All Around the Net Today
excerpt
There are several elements to security I think need to be brought into the public consciousness,--As Ken Ammon, chief strategy officer at Xceedium and former president and founder of the security consulting firm NetSec, told Ars, "Hackers only have to be right once, and you have to be right all the time."
"The Internet still does a pretty good job getting packets around," said Ammon. "The question is whether the packets get there securely. It's not really designed for privacy or integrity—mostly resilience."
(1) the operating system needs to be secure;
(2) messages (transmittals) need to be authenticated, and at times secured;
(3) responsibility for authentication needs be shifted to local,-- individual, or corporate CSO.
(4) "apps" need greater isolation, -- names spaces, apparmor, that sort of thing;
Transmittals include software distributions, eMails, and financials.
¡Viva la Resistencia!
Re: Critical kernel vulnerabilities by OS reported for 2014
Those are key questions. Vulnerability has to be realistically exploitable to present actual risk. Even the famous Shellshock presented practically no danger to Mint users, as most users do not run any services reachable from internet, and those who do, by default run them in dash, which was not affected.Pjotr wrote:But it's always not just a matter of the vulnerability in itself ("an sich", as the Germans say); just as relevant is the question: how likely is it, that my particular system will be affected by this particular vulnerability?
In other words: what's the risk profile for me as, say, simple desktop user? Is it for instance maybe something I only really need to worry about when I run a server?
-
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Re: Critical kernel vulnerabilities by OS reported for 2014
Schneier at his best -- really good essay on Privacy and Security
¡Viva la Resistencia!