Announcement

Collapse
No announcement yet.

New Linux Kernel Vulnerability Exploited

Collapse
X
Collapse
 
  • Page of 6
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 5 6 template Next
  • #41
    Originally posted by duby229 View Post
    Sure I can see the logic in your reasoning, however we live in a modern age of perpetual internet access where hackers cooperate in teams and communities. The vast majority of exploits are developed in public. More often than not the code is distributed for bragging rights and that is how the exploit is found in the first place. This represents the majority of cases and is the reason why turn around time is so important.
    Well, we all want to have something to brag about, is human nature. But sometimes, you have other motivations too. If money is involved, this groups will keep their discoveries as closed as possible. I do not deny that the majority of cases is revealed as soon as found, because most of them is just "look what I've just found, bitches". But sometimes is not.
    Of course turn around time is important, it would be foolish of me to deny that. What I say is that finding it ASAP is important too.

    Comment

    • #42
      Originally posted by Sergio View Post
      (Just a random thought) What if someone (a group of people) is/are being payed by somebody (government?) to find vulnerabilities? I mean, you are right that cooperation between 'good' people is the 'common' case (is it really?), but anyway...
      Oh they are, it's even public in many places (via the yearly funding reports and so on).

      Comment

      • #43
        Originally posted by Sergio View Post
        (Just a random thought) What if someone (a group of people) is/are being payed by somebody (government?) to find vulnerabilities? I mean, you are right that cooperation between 'good' people is the 'common' case (is it really?), but anyway...
        Yeah, there is a ton of money to be made in vulnerability hunting. Some companies specialize in exactly that and make boatloads of money doing it. Governments and corporations pay big money to find flaws in the systems they deploy. The point being that if they know abut the flaw then they can deal with it. Big money.

        Comment

        • #44
          Originally posted by duby229 View Post
          Yeah, there is a ton of money to be made in vulnerability hunting. Some companies specialize in exactly that and make boatloads of money doing it. Governments and corporations pay big money to find flaws in the systems they deploy. The point being that if they know abut the flaw then they can deal with it. Big money.
          Yes... For example, government A knows that government B's infrastructure is built upon Linux. Hence, government B (China? Russia? USA?) obviously won't make any vulnerability that would give them the possibility to hack in goverment A's systems public, assuming that this 'cyberwar' is actually happening. Is it possible that someone (government, corporation, individual...) knows about a critical vulnerability of the latest kernel, and is using it t hack Linux systems, and nobody knows about this? Maybe somebody knew all the time about this 'recent' vulnerability? I think it is completely feasible...

          Comment

          • #45
            Oh of course. Stuxnet for example. Yes cyber war is happening even right now.

            But in the end we are all better off knowing about vulnerabilities than trying to hide them. Especially in the Open Source world. This is where turn around time is so important. Knowing about a vulnerability starts a clock that counts down until it is fixed. The earlier a vulnerability is identified the better off we are because it starts the clock.

            EDIT: I'm not saying that flaws don't exist or that they don't get exploited. Of course yes they do. But I am saying that the sooner they get identified and the lower the turn around time is, the better off we all are.
            Last edited by duby229; 16 May 2013, 07:05 PM.

            Comment

            • #46
              I hate to burst your bubble, but it has already happened multiple times throughout history. Guess what? .... Linux is still here.

              Apache has been hacked seriously a few times. It's the most pervasive web server on the internet. And guess what? .... It still is.

              Your death wish will not come true. Repeating it over and over again in thread after thread isnt going to make it come true.
              Last edited by duby229; 16 May 2013, 07:46 PM.

              Comment

              • #47
                I think Linux will turn out to be one of those things, like Language or the Wheel, that once invented never dies.

                Comment

                • #48
                  Wrong thread. Read the thread title. This thread is about a kernel vulnerability. It doesnt have anything to do with graphics drivers.

                  Now you are just trolling. Blatantly.

                  Comment

                  • #49
                    Originally posted by BO$$ View Post
                    Valve assumed that you run the binary blobs for their steam platform. Without the binary basically nothing works.
                    Are you sure? Portal runs OK here, with R600g. The same in my brother's box, which runs the same driver.
                    Note that I don't quote anything else because I think you are quite right in your other statements.

                    Comment

                    • #50
                      Originally posted by BO$$ View Post
                      I use R300g and it doesn't even start. It says something about a missing extension for opengl. I forgot which one it was.
                      Oh wow, it's no wonder you hate linux.... You don't research your hardware choices before you buy. Well that explains a lot.

                      Comment

                      Previous 1 2 3 4 5 6 template Next
                      Working...
                      X