Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Worm Spreading, Many Systems Vulnerable

Posted by timothy on from the patchy-patchy dept.

sverrehu writes "A GNU/Linux worm exploiting a bug in OpenSSL spreads through vulnerable Apache web servers, according to Symantec. The worm, which was first reported in Europe, targets several popular Linux distributions. See also the SecurityFocus vulnerability listing for the OpenSSL bug." sionide also writes: "Netcraft recently published a report which explains that a large portion of Apache systems are still unpatched (halfway down). To protect yourself please upgrade to OpenSSL 0.9.6g."

6 of 546 comments (clear)

  1. Re:haha HAHA haha by c1pher · · Score: 0, Flamebait

    yeah, it's not perfect - it can't keep a consistant vulnerability release each week, like IIS does. :-P

    --
    The Adult Happy Meal - "I'm lovin' it!"
  2. This is a sign... by kko · · Score: 0, Flamebait

    of Winblows admins moving to *NIX, and having no patching discipline.....

    --
    No, seriously, I just come here for the articles.
  3. msft by skydude_20 · · Score: 1, Flamebait

    where's the microsoft FUD of reasoning stating that this is exactly why you shouldn't switch to Linux

    --
    Jesus saves souls and redeems them for valuable cash prizes
  4. Comment removed by account_deleted · · Score: 2, Flamebait

    Comment removed based on user account deletion

  5. Re:I hate to say it by the+eric+conspiracy · · Score: 1, Flamebait

    His point, nitwit, is that there are more microsoft boxes than linux ones.

    Jackass, there are more Linux boxes running as webservers than there are Windows boxes running as webservers.

  6. but, but, but by TheAncientHacker · · Score: 1, Flamebait

    All these years we've been told that Open Source software is immune to bugs like this. We've been told it's because all those eyes catch the bugs and the faults are caught long before production. And on top of this, the admins maintaining Apache were better because they had to learn cryptic command lines and text files rather than IIS admins having point and click. After all, if any program met these criteria it is Apache with all those eyes reviewing it for production and even more eyes studying it to create mods and all those professional *ix admins instead of MCSEs.

    You mean that was all a lie and the real reasons why IIS was seeing more vulnerabilities was that nobody bothered writing exploits against Apache.

    Huh. Guess it's time to rip another few pages out of "The Cathedral and the Bazaar". I think that leaves the title page and ESR's bio. On second thought, make that just the title page.