Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Worm Creating "Attack Network"

Posted by CmdrTaco on from the no-excuse-for-a-bad-admin dept.

RomSteady writes "In what could be a case of the free pot calling the expensive kettle black, C|Net is reporting that a new Linux worm is "creating a rogue peer-to-peer network that has been used to attack other computers with a flood of data" and has already infected at least 3,500 servers. Seems it is true...the security of your web server depends on how effective you are at keeping up to date on patches, no matter if you are running Windows or Linux."

6 of 465 comments (clear)

  1. Well Duh! by libertynews · · Score: 5, Insightful

    Anyone who thinks that solely because they run open source they are immune to attack is an idiot. Look at how wide open a default RedHat 6.2 install is.

    This new attack is easily avoided by upgrading your OpenSSL version to 0.9.6e, and this should have been done by now. The hole has been known and example exploit available for a while now, as anyone who follows the bugtraq list would know.

    Security is an ongoing process. You have to stay on top of it if you run machines that are not turned off and locked in a basement. There is just no way around the fact that there will always be bugs in software, and these days that commonly means security holes as well.

    --
    Remember Lexington Green!
  2. The Diierence.... by the+eric+conspiracy · · Score: 5, Insightful

    Seems it is true...the security of your web server depends on how effective you are at keeping up to date on patches, no matter if you are running Windows or Linux.

    I'd agree with that statement - the difference being that with the Windows patch you may need to restart your server (bad), and you may have to swallow a new EULA (could be VERY bad).

  3. Re:Is this talking about the SSL hole? by coupland · · Score: 5, Insightful

    The systems that are getting hit are the ones with lazy admins who don't promptly follow up on security patches.

    Why do topics like this always have to degenerate into a holier-than-thou diatribe by a self-righteous few? I'm running a vulnerable system and it isn't because I'm "lazy" as you so kindly put it. I run Linux on my *desktop* and use it to play Quake, surf the web, and share out some HTML pages for my family. I run RH7.2 (only one version behind, bub) and run Ximian Red Carpet and up2date regularly. But no, I don't read bugtraq for the sheer joy and I usually wait for RPMs to come out before I install a patch. The unfortunate downside to RPMs is that if you compile your own software the RPM database starts to choke on its biscuits. So maybe, just maybe it's not that people who don't upgrade same day aren't lazy. Maybe we just don't have as much time or interest as you to troll bugtraq or more so, troll /. acting all high and mighty because of the stinking version of OpenSSL they run.

  4. Is Linux now a POS? by Oliver+Defacszio · · Score: 5, Insightful
    Should we immediately start referring to Linux (et al) as an easy touch for these worms? This is now two serious vulnerabilities in the last three days. Sure, there are fixes available, but there are also fixes quickly available for similar Windows holes and, yet, when "sysadmins" don't apply them, everyone blames Microsoft. So, that means Linux sucks too, right?

    Let's face some facts, there are probably more "forgotten" Linux servers than Windows ones, simply because Linux can run unattended for months at a time and Windows cannot. Making the reasonable assumption that a sizable number of these neglected machines will not be fixed, suddenly Linux and OSS looks no better than the Windows machines that are still infected with Nimda or something similar because no one has been bothered to apply patches.

    I await your wrath for being reasonable.

    --

    -
    Inventor of the term 'pardon my French'.
    1. Re:Is Linux now a POS? by shepd · · Score: 5, Insightful

      >So, that means Linux sucks too, right?

      No, Linus didn't make Apache or the OpenSSL library (the real problem).

      If anyone deserves the blame for this, its the OpenSSL team themselves (and I would hedge a bet more of them work for BSD rather than Linux, just by the license). They caused the vulnerability. One would think that a team of programmers who are trying to create a set of high-security tools wouldn't _ever_ have a buffer overflow. That's the kind of mistake a green programmer like myself would make.

      The fact is people blame Microsoft for Nimda because Microsoft made the vulnerable IIS webserver. Blame went where blame was due.

      So, anyways, blame the right people. Microsoft for IIS, OpenSSL team for OpenSSL.

      --
      If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  5. Re:Distributions, sub-version #'s, & straight by GigsVT · · Score: 5, Insightful

    You are full of shit. Distros roll patches and bugfixes back into the stable and tested version, and release a new -subversion. Try using a modern distro sometime. I can't believe you flamed that guy, out of your own ignorance.

    openssl-0.9.6b-28 is the current red hat version, and it is fully fixed.

    It even shows the old version if you run openssl version:
    OpenSSL 0.9.6b [engine] 9 Jul 2001

    It is, however completely patched, and came out in early August.

    Modern distros value stability in current releases, and will not upgrade to the latest version just to get a bugfix. This is the value they add, you don't have to worry about a security patch breaking some critical functionality. /me puts the cluestick back in its holster.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.