Slashdot Mirror


Critical Security Hole in Linux Wi-Fi

thisispurefud writes "A flaw has been found in a major Linux Wi-Fi driver that can allow an attacker to run malicious code and take control of a laptop, even when it is not on a Wi-Fi network."

7 of 262 comments

  1. Complex Hack by dekkerdreyer · · Score: 5, Funny
    Luckily this hack isn't for the ordinary Linux user. The hack requires WPA encryption to be activated. As anyone who uses Linux knows, WPA requires recompiling the kernel, compiling wireless tools, compiling wpasupplicant, recompiling both when you find that the default configuration for wpasupplicant is to not use WPA (wtf?), and finally modifying a handful of cryptic configuration files. Once that's done, WPA is still not likely to work with a particular kernel, hardware, and wireless card combination.

    Once again, Linux is safe from such a common attack because only seven people have successfully set up WPA. If this had been a Windows flaw, where every machine natively understands WPA and no work at the command prompt is needed, this would be disastrous.

    This shows that Linux has been taking the right stand. By making the machine difficult to get running, it's unlikely that the machine will be able to connect to anything and become infected. Windows made the mistake of making the machine easy to use, allowing for simple network connection and ease of ownership (OWN3D).

    --
    Dekker Dreyer
  2. Tag.. by Anonymous Coward · · Score: 5, Funny

    DefectiveByDesign? Oh wait ... wrong OS.

  3. I am a bit confused... by Skiron · · Score: 5, Informative

    ... this was fixed 4 months ago?

    http://madwifi.org/changeset/1842

  4. Fixed Dec 15th on my box by swillden · · Score: 5, Informative

    ... this was fixed 4 months ago?

    It looks that way to me.

    Unless this is a different vulnerability, Debian applied the fix over four months ago, two days after the patch was available, and eight days after the vulnerability was first reported.

    I saw the article and immediately started aptitude to get the fix, only to discover that I already got it, two weeks before Christmas. Nice.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Re:Fixed! -not! by quixote9 · · Score: 5, Interesting

    Um, "Joe Linux" here, chiming in. I run Fedora, which was pre-installed on oddball hardware. If Fedora has automatic updates like Ubuntu, and if they just work, I sure as hell haven't heard about them. The Fedora repository is about 10% of the way to useful. 15%, when I'm feeling charitable. I'm on Core 3 because I haven't found a distro that can deal with my system, and, since I'm a biology geek not a computer geek, I have no idea what to do or the time to spend finding out.

    It gets worse. I don't even know if I'm running a madwifi driver or not. I looked at the running processes, but there's nothing obvious there. I don't know if madwifi is called something else in the process list. I do know I have an Atheros chip.

    The point I'm trying to make is more than just displaying ignorance. The point is that it may be hard for those of you who are close to the subject to realize just how opaque it is to those of us who aren't. If you're in the know, share your knowledge. It's kind of frustrating, from my perspective, to hear, "It's all automatic, and if it's not, you're just too hopeless to deal with."

    (All that said, you're quite right that when updates are applied automatically and effectively, both the clueless and the clued benefit. That's why I'm getting my next system with Ubuntu on it!)

  6. Re:Fixed! -not! by LibertarianWackJob · · Score: 5, Informative
    Hi "Joe"
    You won't be getting any updates for FC3 since the Fedora Project has dropped support for that. If you like the Fedora distribution you can go with FC6 or wait for May 24 when FC7 is due to be released. Otherwise, Ubuntu is a fine distribution.

    Try this:

    su -

    crontab -e

    # cron for root
    # update system at 4AM daily
    # -y answers yes to yum's confirmation prompt; cron has no terminal to answer it
    0 4 * * * /usr/bin/yum -y update
    --
    What? ®
  7. Re:There's more to the world than Microsoft. by IamTheRealMike · · Score: 5, Insightful

    3. C/C++ make it really easy to screw up.