Search:
Tip: Please give your vote in at least one Picks Poll to enable search results. Thank you.
Search for phrase rather than keywords
(e.g. turn on to find exact phrase “Vanessa Hudgens bush” rather than pages featuring “Vanessa”, “Hudgens”, and “bush” within but not necessarily exact phrase).

Cyber attacks, the tentacle trope and Linux security

3rd December 2016

Page: prev. | 1 | next

Note: This post has been moved from Latest Picks due to length of extended updates.

UK homes lose internet access after cyber-attack (theguardian.com).

Is Linux really safer?
Kylie Jenner—“tentacle trope”
As with the “tentacle trope” lack of OS market share was the surrogate for actual proven security of any OS not by Microsoft after all.

“Tentacle trope” (Wikipedia)

“More than 100,000 people in the UK have had their internet access cut after a string of service providers were hit by what is believed to be a coordinated cyber-attack, taking the number affected in Europe up to about a million.”

Nothing particularly unusual about that you might think, botnet causing DDoS (webopedia.com) outage spread to devices—termed “zombified”—but, indeed, it’s what—as has been reported before—devices, and what operating system they are using that might give some a laugh considering it comes from a family supposedly not as susceptible OS evangelists will swear to you—although often with a “well it does but” caveat (Wikipedia)—to malware as say Micro$oft Windows, with the many, many years of market shade leaving such claims not really proven:

“TalkTalk, one of Britain’s biggest service providers, the Post Office and the Hull-based KCom were all affected by the malware known as the Mirai worm, which is spread via compromised computers. … The Mirai worm takes control of devices running the Linux operating system and uses them to knock services offline. This attack has targeted certain types of broadband routers, damaging their internet connection.”

Crikey! Who knew that Linux, party because of its installation on devices not really promoting need for third party security and those comprising the “Internet of Things” (thisisnocave.blogspot.co.uk, 28th Aug./27th Sept. 2016), could be really starting to look like Java, the once predicted—and in truth worrying in actuality—to be running on everything from video recorder to ATMs to, indeed, many Android apps: The death of Java in the enterprise? (darkreading.com, Jan. 2013).

So, who doing, and what for, is it Anonymous/Lizard Squad run up to spoiling gamers Christmas again (Latest Picks 26th December 2014) or…

“Earlier this week, Germany’s Deutsche Telekom said up to 900,000 of its customers had lost their internet connection as part of the same incident. No one has claimed responsibility for the attack, which both Deutsche Telekom and KCom said was part of a worldwide effort. Security experts said the hackers may have been Russian but they had no proof.”

So, it was the Russkies, Putin’s hacktorial “polite people?” But, then again, they seem to be having similar cyber-attack issues too, and for them, it’s easier to shoulder the blame onto their choice of target:

Russia says foreign spies plan cyber attack on banking system (reuters.com).

“Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia’s banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. Russia’s domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast.”

Regardless, it probably still is Micro$oft Windows 10’s fault (Latest Picks 26th Aug. 2016), at least for those still aiming to get mothers and uncle to ditch the familiarity of their Windows OS for a particular and insisted upon flavour of Linux.

Updated 21st December 2016

And, indeed, there’s likely to be a lot more Linux-powered Internet of insecure Things under that sparkly tree this year:

Smart homes haunted by the cyber-ghost of Christmas future (bbc.co.uk).

“One nightmare vision for the future is an internet plagued with DDoS attacks based on IoT devices, including some sitting under your Christmas tree this year. Perhaps what we now need is the modern-day equivalent of Dickens’s Ghost of Christmas Yet to Come to scare device-makers and the public into changing their ways before it’s too late.”

Said “changing of ways” obviously being migrating away from Micro$oft products… or is that mantra wearing the same now very grey cardigan as those still trying to prove Linux’s secure file system makes things more secure when the weak link is still, and will always be, a tricked user?

“The IoT holds great promise. We have the potential to network a whole new generation of smart devices: everything from fridges, kettles and toasters to the systems that heat your home and keep an eye on your cat. … Unfortunately, the technologies that enable these devices to be ‘smart’ can pose a security threat.”

Or is it just the competitive ever speeding rush to sell more “smart” stuff the “smart” money bet for being the greatest security risk? But, I hear the protest before being cold-shouldered for a month, it’s the IoT’s fault, not Linux’s, with which I agree but, same could be said as to why Microsoft found itself more “open” to viruses in that heyday: Linux and the Internet of Things (linuxjournal.com, Sept. 2015).

“Linux is the final component that makes the Internet of Things a reality—the glue that holds everything together. How, you ask? Well, let’s look at a typical product and try to understand how Linux contributes to and affects each step of development. … Through the years, Linux has become such a complete solution that you would need to find an incredibly convincing argument to choose an alternate approach to a hardware OS.”

Or “alternate” offered open source distanced cheap to negate need to develop or invest in themself?

Updated 4th January 2017

Most security vulnerabilities reported for Google’s Android operating system in 2016 (myce.com).

“Android was the software product with the most reported security issues last year, according to numbers compiled by CVE Details. For Google’s mobile operating system 523 vulnerabilities were reported.”

With Debian and Ubuntu Linux in 2nd and 3rd positions, Mac Os X at 11th and with Mico$oft’s Win 10 coming in at 14. I guess it’s still blasphemy to suggest which one seemed to had weathered and learnt from long proven trial and error experience to improve its security, which Linux/OS X will have to do too now a significant market share makes exploit targeting worthwhile on those platforms.

Top 50 products by total number of “distinct” vulnerabilities in 2016

Updated 6th January 2017

And based on ultra secure Unix Apple OS fairs no better when it comes to real-world exploiting which has been all over the news today but has actually been known for a few months with workaround and not much else being advised to fill the spammer hole:

How to block the annoying iCloud calendar spam invites without alerting spammers (iphonehacks.com).

“Over the weekend, a lot of people I know have been affected by the iCloud calendar spam. It’s a smart move by the spammers. Because email filters are now so good, they’re look at alternative sources. Turns out, iCloud’s filtering system isn’t so good after all. And just like that, we end up with invitations to ‘events’ for buying ‘Ray-ban’s.”

Indeed, anyone getting déjà vu circa MSN Messenger era Windows?

Recent/related stories

Page: prev. | 1 | next

Tip: Please give your vote in a Poll to enable Tags search results. Thank you.