Be wise. Be brave. Be tricky. ([info]slithytove) wrote,
@ 2008-05-17 03:14:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
Current mood: scared

Say 'Friend', and enter
A major security vulnerability in Debian (and Ubuntu, and probably all the other many Debian-derived distros) has been discovered, and (belatedly) fixed. No damage has been known to be have been done, but everyone involved is still sniping nervously at each other.

It's interesting that, as with airplane crashes, this was not the result of a single error, but a coincidental concatenation of multiple errors, of different sorts, by many individuals. In a way, that's reassuring.

I know, you probably don't run Debian, (unless you're [info]midendian?), and don't care about this. But you might be amused by:

the translation into lolcats;

xkcd's take on the rumpus.


(Post a new comment)


[info]ktnflag
2008-05-17 07:54 am UTC (link)
Oh. Dear.

All our servers at work run Debian and both my husband and I use Ubuntu at home.

I knew we should never have named our cat Linux...

(Reply to this)(Thread)

[info]slithytove
2008-05-17 09:18 am UTC (link)
I don't use SSH, but apparently SSL is used by a lot of different stuff.

Serendipitously, I did a fresh install of Hardy a week or so ago, and moved all my data over. Tonight I ran sudo ssh-vulnkey -a and I get no warnings, so I think I'm okay. But still, it's disturbing.

Of course, as people have been pointing out, it could easily be that this kind of vulnerability happens in Windows or even OS/X on a monthly basis, and is corrected by a security update, without the details ever being known outside the bowels of the Microsoft or Apple. About two and a half years ago, a Windows metafile vulnerability was discovered that had been present since Microsoft created that file format, 15 years before. It was that incident that finally pushed me into Linux.

(Reply to this)(Parent)

[info]sartorias
2008-05-17 01:22 pm UTC (link)
Lord, I don't even know what it is!

(Reply to this)(Thread)

[info]slithytove
2008-05-17 03:30 pm UTC (link)
If you're not using a flavor of Linux, don't worry about it.

Edited at 2008-05-17 03:30 pm UTC

(Reply to this)(Parent)

[info]midendian
2008-05-17 04:24 pm UTC (link)
Yeah I've got like three hundred debian boxes within my control across the Internet. This thing makes me pretty sad!

(Reply to this)

Create an Account
Forgot your login?
Login w/ OpenID
English • Español • Deutsch • Русский…