IIRC, that was more about auditing the “supply chain” of apps and Linux. Some college kids were purposefully trying to get malware on the mainline Linux repo and obviously got themselves banned from touching Linux.
Otherwise it’s just been normal security vulnerability type stuff? There was also a long-existing bug found in a very common library recently, but that’s very solidly in the normal flow of security research, the bug just happened to be sitting there a while.
Linux of course is a target and has malware. It’d be completely stupid of attackers to ignore Linux because the vast majority of servers run it. It’s a readily available target with lots of goodies on those servers.
I don’t think it was just some college kids, I could have sworn their professor was specifically getting his students to perform as bad actors to support some super-biased research papers he was trying to publish.
Yeah but this wasn’t recent, this one was like 4 or 5 years ago unless it happened again. If I remember correctly it got the entire University’s email address banned from contributing to the kernel
Oh yeah, I get what you’re saying. Yeah, two completely separate instances. Although, from the sound of it, there are a surprising number of people who seem to think that sabotaging Linux and hacking Linux are the same thing. I mean, I guess a pirate can sail on any ship, right?
Yeah but antivirus software doesn’t pick up zero days, which is what you should really be concerned about.
I had some Chinese radios a few years ago, they were proper radios that you could program for all sorts of stuff. I had the software on a USB stick, then plugged it in about 5 years later - pinged up with all sorts of viruses that weren’t detected previously.
They don’t catch zero-day exploits, as those are vulnerabilities in programs that were discovered to be used in the wild. They will eventually catch the malware dropped through those exploits, though.
Hasn’t a bunch of malware spyware and other malicious shit been found all over decades old Linux stuff the last couple months?
IIRC, that was more about auditing the “supply chain” of apps and Linux. Some college kids were purposefully trying to get malware on the mainline Linux repo and obviously got themselves banned from touching Linux.
Otherwise it’s just been normal security vulnerability type stuff? There was also a long-existing bug found in a very common library recently, but that’s very solidly in the normal flow of security research, the bug just happened to be sitting there a while.
Linux of course is a target and has malware. It’d be completely stupid of attackers to ignore Linux because the vast majority of servers run it. It’s a readily available target with lots of goodies on those servers.
I don’t think it was just some college kids, I could have sworn their professor was specifically getting his students to perform as bad actors to support some super-biased research papers he was trying to publish.
Yeah but this wasn’t recent, this one was like 4 or 5 years ago unless it happened again. If I remember correctly it got the entire University’s email address banned from contributing to the kernel
Oh yeah, I get what you’re saying. Yeah, two completely separate instances. Although, from the sound of it, there are a surprising number of people who seem to think that sabotaging Linux and hacking Linux are the same thing. I mean, I guess a pirate can sail on any ship, right?
Yeah but antivirus software doesn’t pick up zero days, which is what you should really be concerned about.
I had some Chinese radios a few years ago, they were proper radios that you could program for all sorts of stuff. I had the software on a USB stick, then plugged it in about 5 years later - pinged up with all sorts of viruses that weren’t detected previously.
They don’t pick up anything that they don’t know about, so once the zero day is known the antivirus/malware can find and remove it I thought.
They don’t catch zero-day exploits, as those are vulnerabilities in programs that were discovered to be used in the wild. They will eventually catch the malware dropped through those exploits, though.