Critical Linux vulnerability exposed

blackgold>>

http://www.vnunet.com/vnunet/news/2217134/linux-vulnerability-exposed

FruitLover

http://boards.ie/vbulletin/showthread.php?t=2055295175
(and reported on Secunia over a week ago)

This is a Debian-specific openSSL vulnerability, not a 'linux' vulnerability.

Oracle

Interesting post, but I smell something fishy and rotten. What has this video got to do with the Debian vulnerability issue? I don't see any connection. The company who identified the problem are Fortify Software ".... the software security vendor of choice of government agencies and Fortune 500 companies...." according to SoftwareMag.com If that's true it's easy to see why they might have a vested interest in criticising Linux. Digging a little deeper Fortify Software's Board of Directors reads like a virtual who's who of software industry big wigs. Most of whom have been involved with major software corporations like Symantec, Siebel, Oracle, IBM and Microsoft. That doesn't take away from the potential security vulnerability in this Linux distribution, but it does help everyone to see the bigger picture:

Ted Schlein, Chairman
Former Vice President of Networking and Client Server Technology at Symantec Corporation. VP of Symantec's European business development and as Vice President of the Data Management Group.

Ken A. Goldman, Director
Was Senior Vice President, Finance and Administration, and Chief Financial Officer of Siebel Systems. Prior to joining Siebel Systems, he held Chief Financial Officer positions at Excite@Home, Sybase, Cypress Semiconductor, and VLSI Technology.

John M. Jack, Director
held CEO and executive positions at Covalent, Shaman Corporation, The Vantive Corporation, and Sybase, Inc.

Tod Nielsen, Director
Mr. Nielsen is President and CEO of Borland Software Corporation. Held executive level positions at companies such as Microsoft Corporation, BEA Systems and Oracle Corporation.

Howard Schmidt, Director
He has been Chief Information Security Officer and Chief Security Strategist of eBay. Mr. Schmidt is the former Cyber Security Advisor for the White House. He formerly was the Chief Security Officer for software giant Microsoft and helped establish the Trustworthy Computing Program.

Roger Thornton, Director
Serving in engineering and product management roles at top-tier technology companies including Cypress Semiconductor, Apple/Taligent, and Sun/JavaSoft.

Bob Spinner, Director
Bob joined Sigma in 2003 as Venture Partner and in 2006 became Managing Director.

Dick Williams
A successful 22 year career at IBM, Williams guided companies including Digital Research, Illustra Information Technologies and Wily Technology.

It's interesting that if as Fredrick Lee of Fortify Software says, "This flaw has been available to hackers for more than two years." that it doesn't seem to have been widely exploited. It's even more strange given the millions of Ubuntu and other Debian distribution users throughout the world. If the vulnerability was widely exploited there would have been thousands of secure transactions compromised and online bank accounts broken into. I'm sure the vulnerability will be fixed, but that doesn't stop opponents of Linux making the most of the opportunity.

cance

i dont get the relevance of the movie?

Oracle

It's interesting that in the video the person with the camera just happens to be sitting a few seats away from the "protester." Maybe the protester saw the camera and positioned himself beside it?, or maybe they know each other? Or is it just co-incidence? Either way the camera was ideally placed to get a great picture of Ballmer and the egg-thrower. It's also interesting that what looks like a talk to a group of university students would be videoed at all. Anyway Ballmer was never in any real danger of being hurt, he had a huge podium to hide behind, that was fortunate.

I'd say the person who threw the egg has nothing to do with Linux, because no Linux supporter would go around wearing a shirt with Microsoft emblazoned across the back. The person who posted this video on YouTube, Zoli Erdos, who has "....spent 15 years immersed in the business of Enterprise Software, at management positions with SAP, IBM, Deloitte, KPMG ...." doesn't sound like your typically YouTube anti-Microsoft video poster either.

Grudaire

Oracle wrote: »

It's interesting that in the video the person with the camera just happens to be sitting a few seats away from the "protester." Maybe the protester saw the camera and positioned himself beside it?, or maybe they know each other? Or is it just co-incidence? Either way the camera was ideally placed to get a great picture of Ballmer and the egg-thrower. It's also interesting that what looks like a talk to a group of university students would be videoed at all. Anyway Ballmer was never in any real danger of being hurt, he had a huge podium to hide behind, that was fortunate.

To be fair the room is plastered with camera's... It'd be impossible for him not to be near one!

dulpit

I don't understand what the point of that video was...

SouperComputer

So do we start posting videos for every *doze Critical Flaw that gets exposed?