[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
zero day found in the Linux kernel
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 87
Thread images: 18
File: 1453120746194.jpg (145 KB, 393x391) Image search: [iqdb] [SauceNao] [Google]
1453120746194.jpg
145 KB, 393x391
>zero day found in the Linux kernel
>gives root access
>been around since 2012
HAHAHAHAHAHA! LINUX AND OPEN SOURCE SECURITY LADIES AND GENTLEMEN! PROPRIETARY SOFTWARE WINS ONCE AGAIN!
>>
File: dgekeq.png (277 KB, 500x500) Image search: [iqdb] [SauceNao] [Google]
dgekeq.png
277 KB, 500x500
thats 'cause is open source, cant say much about windows do you? guess theres more security on propietary software... kek!

>>hurr durr my propietary software more secure than your loonix
>>
>got a new kernel a few hours later
open source ladies and gentlemen
>>
>been around since 2012
>no evidence of it ever being used
>making yet another shill thread
Microsoft will give deposit another 10 rupees for your retarded bait thread.
>>
>>52524361
>>52524370
>>52524387
>damage control
>defending Linux incompetency
>>
>>52524298

>pajeet, I posted it again
>>
>>52524298

stop it pajeet
>>
>>52524406
>implying windows has not had way more zero day exploits discovered
>implying linux doesn't patch the exploits far faster than micro$oft
>implying micro$oft exploits found were not utilized the a greater extent
Go home Pajeet
>>
For all we know Windows may have exploits from the NT days, can't tell when the source code is hidden right?

There are always bugs in code, at-least with Linux they will be patched immediately and eventually you will get a very stable and secure system.

With closed and proprietary code, you can only hope nobody gets interested enough in reverse engineering it to find some obscure exploit and use it against a massive amount of people.

Just like what happened with Stuxnet, except lucky for us it only targeted computers that controlled the Iranian nuclear centrifuges. I think they exploited some bug in the printer driver or something like that.
>>
Meanwhile the NSA doesn't even need to use exploits to get root access on your windows system, Pajeet :^);
>>
>>52524298
This shit is retarded. it only works on super specific kernels and distros. I tried it on my laptop, desktop, and school linux server, none of which were vulnerable. It took a hell of a long time though, especially on the laptop.
>>
>>52524298
IE had a vulnerability since the 6th version and its been fixed recently.
Holy shit kid, do you even know what zero day vulnerability means?
>>
>>52524464

Stuxnet spread through non-targeted computers as well. They planted it around the town where the scientists lived. It spread from computer to computer until it reached one of the scientists' computers, he brought home some work on a flashdrive and brought the contaminated drive back to the nuclear reactor. Stuxnet is still out there. It's rumored to have been reverse engineered by a few intelligence agencies.
>>
>security hole found in proprietary software
xD!!!!!!!!!!!!! it's le open source le le best xD
>security hole found in F/OSS
xD!!!!!!!!!!!!! it's le closed source le le best xD

damn, remind me again why I browse this consumerist shithole? a bunch of retarded autists actually think the source model has anything to do with how secure your program is.
>>
So, can't they just trace who made that specific commit on that part of the kernel to see if it was a deliberate underhanded backdoor?
You don't know these days man.
>>
File: rosiak.gif (1 MB, 480x270) Image search: [iqdb] [SauceNao] [Google]
rosiak.gif
1 MB, 480x270
>>52524298
>man made software has bugs
Oh no who would've tell.

At least open sores is open about it.
Unlike closed with it's "nutin wrong, move along goy"
>>
File: 1447847506403.jpg (89 KB, 1280x720) Image search: [iqdb] [SauceNao] [Google]
1447847506403.jpg
89 KB, 1280x720
>>52524298
oh look, a dedicated shitposting thread!
>>
File: 1447705008323.jpg (74 KB, 611x482) Image search: [iqdb] [SauceNao] [Google]
1447705008323.jpg
74 KB, 611x482
>>52524298
>be open sores
>fix vulnerability

>be closed source
>get your encryption keys """"""""""backed up"""""""""" to a central server and grant access to it to the authorities

open: 1
closed: 0
>>
>>52524298
Open source means it's subject to independent research and code audits because everyone can look at the source code. This would be way, way harder to do with the proprietary alternatives, because you wouldn't even know of such security vulnerabilities with closed source applications in the first place.

And I think we can safely assume Microsoft is probably the epitome why proprietary software hardly ever works to the benefit of its users https://www.gnu.org/philosophy/malware-microsoft.html
>>
>>52524590
>damn, remind me again why I browse this consumerist shithole? a bunch of retarded autists actually think the source model has anything to do with how secure your program is.
can you simply explain us why it doesn't ?
>>
File: linus-desk.jpg (93 KB, 924x559) Image search: [iqdb] [SauceNao] [Google]
linus-desk.jpg
93 KB, 924x559
No wonder this guy's software is so buggy. The code is probably as messy as his desk.
>>
File: 1411491936675.jpg (81 KB, 700x520) Image search: [iqdb] [SauceNao] [Google]
1411491936675.jpg
81 KB, 700x520
>>52524494
>NSA doesnt even need to try when cracking linux boxes because the code is so vulnerable
>Meanwhile NSA pleads MS to create backdoors because they can't naturally crack Windows
>>
I will always buy Ubuntu Linux™ because Linux for human beings™. Ubuntu™ also pioneers innovative new technologies like Mir™, Unity™, and the highest quality Linux distribution to ever grace computers.
Ubuntu™ also pioneers in the phone market with its latest Ubuntu Phone™ powered by a synergy of Mir™ + Unity™. With these two innovative technologies combined together creates a breathtaking phone experience. You can ensure no dropped calls. Ubuntu™ is also at the forefront in gaming with its partnership with Valve™ to bring the Steam™ platform to Linux™. When I load up my Nouveau™ open source Nvidia™ driver to power my latest Nvidia™ graphics I'm a destroyer of worlds in my games powerd by Steam™. Power to the gamers™.
Ubuntu Linux™ is also very secure. It's the most secure operating system, and Linux™ distribution on the planet. It's harden against NSA probes, tested by highly trained and experienced open source programming engineers to have ever graced this planet. With such innovative security technologies like root, selinux, iptables, snort, and grsecurity you can ensure all your sensitive data is secured and you're safe on the internet.
At this point in time there's really no reasons to consider Windows™. I tried once. It infected my pc with a plethora of viruses that it caused my pc to overheat and explode. It not only nearly burnt down my house, but the neighborhood.
It's quite clear that OPs a Windows™ shill trying to convince you to settle on something less than the optimal experience with Ubuntu Linux™. Ubuntu™ is the only real way to play games or do anything productive. We've seen that they offer incredible libraries for software developers like Storm and Juju. He is probably too poor to afford the Ubuntu Linux™ experience.
Don't be a poor gamer with bad security. Linux for human beings™ with Ubuntu Linux™
>>
>>52527640
>buy ubuntu.
>>
>>52527453
That's funny, because you can actually verify this yourself.
>>
>>52527594
I can't believe you're this retarded... You do realize that Linux is open source and Windows isn't?

fucking neo-/g/
>>
>>52527594
This.

Cannot believe how far up Linux's ass /g/ is.
Linux has more exploits than Windows, it's a fact.
>>
>>52527827
if you know of exploits in the kernel why don't you share with the class?
>>
This thread sounds like 9 years old arguing over whether Superman could beat Goku.
>>
>>52527827
>Linux has more exploits than Windows, it's a fact.
http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/
http://www.marketoracle.co.uk/Article40836.html
http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/

http://www.cvedetails.com/vendor/97/Openbsd.html
http://www.cvedetails.com/vendor/33/Linux.html
http://www.cvedetails.com/vendor/26/Microsoft.html
>>
>>52527869
Google them they come out like every day dude
>>
>>52524441
>implying linux doesn't patch the exploits far faster than micro$oft
http://www.geek.com/apps/25-year-old-bash-shellshock-bug-could-be-more-dangerous-than-heartbleed-1605349/

>critical bug fixed after 25 years.
>25 years

So much for that, freetard.
>>
linux is not focused on security like Linus said
use OpenBSD fools
>>
>>52527924
Fallacy. They didn't know it until then. Microsoft on the other hand first notifies the NSA before patching their vulnerabilities http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/
>>
>>52527908
>Google them they come out like every day dude
my google seems to be broken. I can't find more than 1 linux-kernel bugs in the last 6 months.

Care to post some examples?
>>
>>52527908
>I have to find the evidence for your shitty argument
Ok mickrocuck
>>
>>52527925
>NSA backdoor
hell no
>>
>>52524298
>shit happens
yeah, it's bad.
however, there were fixes within hours.
this happens all the time with wangblows and apple os x, you just don't hear about it.
also
>font rendering exploit that lead to arbitrary code execution on windows
>>
>>52527967
Stop replying to tripfags, let those ignorance die.
>>
File: rb.jpg (4 KB, 128x144) Image search: [iqdb] [SauceNao] [Google]
rb.jpg
4 KB, 128x144
>>52527766
>>
>>52524464
>can't tell when the source code is hidden right?
Seems like it doesn't matter if yo can see it or not, the l00nix one has been there since 2012

>INB4 hurdadurdur no evidence it has been used

How is that a valid defense?
>>
>>52524298
Are you talking about CVE-2016-0728?

You realize that it requires local offline access to the kernel...ie access to the unencrypted hard drive...at which point you could do all kinds of shit to the system anyway?
>>
>>52524298
joke's on you motherfuckers, my kernel's from 2011 so I don't have the exploit :^)
>>
File: SELinux.jpg (83 KB, 495x777) Image search: [iqdb] [SauceNao] [Google]
SELinux.jpg
83 KB, 495x777
>>52527962
LE NSA meme
>>
>>52528240
no, you just need to be able to run an executable.
>>
>>52524494
>using the smiley with a carat nose
>>
>>52527640
you type like a faggot
>>
>>52528253
>using the smiley with a carat nose
>>
>>52528240
http://www.infoworld.com/article/3024215/linux/zero-day-vulnerability-lets-linux-applications-gain-root-access.html

freetard defense force strikes again.
>>
>>52528308
Which has since then been released with the source code. Are you going to spread your fear monger on foremost and dcfldd too?
>>
>>52528364
>Points out that vulnerability in question requires physical access to the machine
>Microshill responds with another article about exactly the same vulnerability
Then again shills in general don't tend to be the most clever people around...
>>
>>52528396
>implying the NSA hasn't secretly snuck in tons of backdoors over the years.

https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/
>>
>>52528454
You're either a retarded Indian with a reading comprehension or a shit troll.
>>
>>52524464
I'd just like to interject for a moment. What you’re referring to as Windows, is in fact, NSA/Windows, or as I’ve recently taken to calling it, NSA plus Windows. Windows is not an operating system unto itself, but rather another expenseive component of a fully functioning Spy system made useful by the NSA core-spyware, reverse shell utilities and vital keylogging components comprising a full botnet as defined by Gen. J. Clapper.
Many computer users run a modified version of the botnet system every day, without realizing it. Through a peculiar turn of events, the version of spyware which is widely used today is often called “Windows”, and many of its users are not aware that it is basically the NSA system, developed by the NSA. There really is a Windows, and these people are using it, but it is just a part of the system they use.
Windows is the cover: the program in the system that hides the spying resources from the other programs that you run. The cover is an essential part of a botnet, but useless by itself; it can only function in the context of a complete botnet. Windows is normally used in combination with the NSA spyware: the whole system is basically botnet with Windows added, or NSA/Windows. All the so-called “Windows” versions are really versions of NSA/Windows.
>>
>>52524298
Oh is that why I just got an update? Sweet.
>>
>>52528465
Which they attempted to do to the proprietary alternatives as well, mate. They actually succeeded with Microsoft http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1.5.html
>>
>>52528487
Did you even read the article and have a look at the CVE-number? Because the number for the vulnerability in the retort article is EXACTLY the same as the one posted by the other guy.
>>
>>52528532
cool link faggot
>>
>>52524406
If this was Microsoft, we never would have heard about it and they would have given it to the NSA to exploit without our knowledge. Nobody ever claimed that open source software doesn't have security holes and bugs, just that it's always preferable to security through obscurity
>>
>>52528554
Argumentum ad hominem.
>>
Lol
Just after that embarrassment with the hitting to backspace the password bypass bug.
>>
File: 1453264979906.gif (152 KB, 500x516) Image search: [iqdb] [SauceNao] [Google]
1453264979906.gif
152 KB, 500x516
>>52524298
>a shitty exploit that requires you to LITERALLY (LI-TE-RAL-LY) access the machine physically
>DURR LINUX IS DED

Please shill, did you not listen in the course? they taught you better than this.
>>
>>52528621
>Implying you can't get root with physical access.
>>
>>52528621
don't go full retard, anon
>>
Fellow normies on here, don't believe the freetard defense force lies. The bug can be exploited via malware which can come from anywhere.

http://www.bankinfosecurity.com/zero-day-flaw-found-in-linux-a-8808/op-1
>>
File: 1437986387310.jpg (81 KB, 419x480) Image search: [iqdb] [SauceNao] [Google]
1437986387310.jpg
81 KB, 419x480
>>52524298
>hating linux so much you have to jump on every opportunity to get a rise out of it's users on an anime image board
>being this autistic
>>
Why is Linux so shit?

Oh, it's because it's made and used by third world shit eaters.
>>
>>52524606
reminds me of that conference posted on jewtube about how easy it is to derail an os project + the funding u.s. agencies receive to do it
>>
>>52528804
>>
>>52528804
zozzle'd
>>
File: 1449199103207.webm (2 MB, 960x540) Image search: [iqdb] [SauceNao] [Google]
1449199103207.webm
2 MB, 960x540
>Linux
>>
>>52524298
It's not a zero day anymore, dipshit. There's a patch out for Debian and CentOS already.
>>
>>52524298
>PROPRIETARY SOFTWARE WINS ONCE AGAIN!
I can't even think of an argument for this
It's just so fucking retarded
>>
>>52529217
dafuq? freetard animu fags will defend this as a work of artistic value.
>>
>>52529271
aw poor anon can't take a joke
>>
>>52529261
Try harder. There are numerous refutations.
>>
>>52524298
If you have PaX enabled in your kernel, most (if not all, even) privilege escalation vulnerabilities are impossible to exploit.
>>
File: 1336915846639.jpg (101 KB, 686x582) Image search: [iqdb] [SauceNao] [Google]
1336915846639.jpg
101 KB, 686x582
>>52524298
>implying there is bug free software
>>
>>52524621
this desu senpai
>>
>>52524298
How does the exploit actually work?
>>
>>52528042
>cuck
Did we stop filtering c.u.c.k. to kek?
Testing with cuck and cuckhold.
>>
>>52528042
also testing t.b.h. f.a.m. usually filtered to desu sempai.
desu senpai
>>
>>52524298
kek are you frigging retarded? you can get administrator access on windows just by booting in recovery mode from a pirated windows disc and it's not even a bug.
>>
>>52529502
kek are you frigging retarded? you can get root access on linux just by booting with "init=/bin/sh" as kernel commandline and it's not even a bug.
>>
>>52524298
vuln half works on Ubuntu systems, tried on RHEL & Gentoo hardened and didn't work.
For some reason it doesn't work on various systems in Ubuntu aswell *

*before patch
>>
File: 1453321130149.png (100 KB, 639x481) Image search: [iqdb] [SauceNao] [Google]
1453321130149.png
100 KB, 639x481
I see /v/ has learnt a new
>le buzzword 0day lolzzzz
Fucking illiterate pieces of shit
>>
File: sec_vul2.png (49 KB, 622x627) Image search: [iqdb] [SauceNao] [Google]
sec_vul2.png
49 KB, 622x627
>>52524298
>Closed source
>Still manages to fuck up security more than Linux
Prajeets will deny this
Thread replies: 87
Thread images: 18
Thread DB ID: 448475



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.