User: Password:
|
|
Subscribe / Log in / New account

Kernel.org's road to recovery

Kernel.org's road to recovery

Posted Oct 6, 2011 22:49 UTC (Thu) by malor (guest, #2973)
In reply to: Kernel.org's road to recovery by nix
Parent article: Kernel.org's road to recovery

Well, okay, thirteen years ago; I was definitely using Linux for actual production by 1998.

The basic point remains: back then, a security breach was a hassle, but generally cost you only the time to fix it. These days, having your network penetrated can have extremely unpleasant consequences, up to and including death.


(Log in to post comments)

Kernel.org's road to recovery

Posted Oct 7, 2011 9:00 UTC (Fri) by cate (subscriber, #1359) [Link]

But this is a problem of bad security people, not (only) bad kernel.

13 years ago many security people was thinking about perimeters, DMZ, etc. thinking that internal net was safe, because "in control" of security people. Only to discover that they were very wrong: people attached modems (then laptop, then USB disks) against corporate rules.

I think now we have the same problem: some people think that kernel is unbreakable (it they update quickly after announced CVE), thus tend to trust the "computer perimeter" too much.

IMHO if a system can kill a man because of a kernel bug, it means that the security responsible was very incompetent.

Kernel.org's road to recovery

Posted Oct 7, 2011 10:42 UTC (Fri) by ortalo (subscriber, #4654) [Link]

It could possibly be simply that the security team does not have enough authority. Users are not so innocent usually (though generally totally unconscious of that).
Plus, the real culprit is... the attacker.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds