This post is a personification of the stuff that bothers me about the Linux “security” posts. So here are my rambling thoughts about it.
First off, the Mint backdoor has nothing to do with “Linux security” and everything to do with bad security practices by the Mint team. Also, did they seriously suggest using SHA-1 for hashes on a breached server? These attackers had a clear backdoor on the distribution server; they could have generated hashes of any type that they pleased and just replaced them on release. Yet again, you need to actually generate signatures and distribute keys, in addition to hashes. It’s disturbing to me that a company dedicated to Linux security doesn’t even understand that.
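To make the point concrete, here is an added example (not code from the post or from Mint/CISofy) that models a compromised mirror: it swaps the artifact and regenerates the hash file, so a hash-only check still passes, while a detached signature checked against a key obtained out of band fails. Ed25519 stands in for whatever signature scheme a project actually uses, and the ISO contents are constructed sample bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a mirror serves: the artifact, its published hash file and a
// detached signature made by the project's release key.
type Release struct {
	Artifact  []byte
	HashFile  string // hex SHA-256, published next to the artifact on the same server
	Signature []byte // ed25519 signature over the artifact (stand-in for the real scheme)
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Publish is the project's release step. The private key never lives on the mirror.
func Publish(priv ed25519.PrivateKey, artifact []byte) Release {
	return Release{Artifact: artifact, HashFile: sha256Hex(artifact), Signature: ed25519.Sign(priv, artifact)}
}

// Tamper is what a compromised mirror can do: replace the artifact and simply
// recompute the hash file for its own payload. The signature it cannot forge.
func Tamper(r Release, replacement []byte) Release {
	return Release{Artifact: replacement, HashFile: sha256Hex(replacement), Signature: r.Signature}
}

// VerifyHashOnly is the check the post criticises: the hash comes from the same
// server as the artifact, so it only proves the download was not corrupted in transit.
func VerifyHashOnly(r Release) bool { return sha256Hex(r.Artifact) == r.HashFile }

// VerifySignature checks the detached signature against a public key the user
// pinned out of band (earlier install, keyserver, printed fingerprint).
func VerifySignature(pinned ed25519.PublicKey, r Release) bool {
	return ed25519.Verify(pinned, r.Artifact, r.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := Publish(priv, []byte("constructed sample ISO contents"))
	bad := Tamper(good, []byte("constructed backdoored ISO contents"))
	fmt.Println("hash-only check on tampered release:", VerifyHashOnly(bad))      // true
	fmt.Println("signature check on tampered release:", VerifySignature(pub, bad)) // false
}
```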
Live patching is pretty cool. I don’t know enough about it to honestly make an informed opinion, but it seems like a pretty decent idea to me.
Then they later claim that software is getting better but they point out the 3-6 year lifetime statistic. If anything they are disproving the “it’s getting better” theory.
Why are they listing vulnerabilities for Linux software? Claiming that an operating system has security problems because third-party software that runs on it is vulnerable is just silly.
All this hubbub about kernel self-protection, and yet again everyone just pretends that spender and the PaX team don’t exist. Kernel self-protection is very important, but it’s almost like they don’t even consider the Grsecurity team’s point of view. They have always pointed out that they are focused on squashing bug classes, not individual bugs. That is not how the kernel developers seem to think. Thank goodness for them, I’ve had non-executable pages, real ASLR, RBAC, hardened chroots, PaX, insanely granular auditing, trusted path execution, now RAP, and more for ages.
Then there is the entire unsubstantiated claim about “Linux Malware”.
And while the effectiveness of most rootkits diminished, malware on Linux looks to be growing.
I don’t know where CISofy is pulling that from… Because I’ve observed some awesome rootkits as of late.
In summary, I think that the sudden popularity of Linux and the culture of ignoring security that the kernel devs have propagated will continue to bite us until there are drastic changes. The “State of Linux Security” is exactly the same as it was before all the security projects and it will continue to be. I swear that some of the blue team types don’t understand that the attackers don’t play by their rules.
As a side note, I find this post by CISofy extremely confusing; Lynis is a decent checkup tool that I’ve used myself and a product that was on my good side. Now I think that I need to re-evaluate it based on this post.