[Nolug] Linux expert warns of open source's growing appeal to hackers

From: Chris Johnston <cmjohnston_at_gmail.com>
Date: Thu, 2 Nov 2006 12:10:15 -0600
Message-ID: <563ce9a60611021010l104b163bk99b744e5929785cd@mail.gmail.com>

 Linux expert warns of open source's growing appeal to hackers

by John McCormick | 10/30/06

*Tags:* Linux | Open source | Hacking | Security threats | Patches


*Takeaway:* Alan Cox, a well-respected Linux developer, warned attendees
of London's LinuxWorld that open source software is becoming more attractive
to commercial hackers. In this edition of the IT Locksmith, John McCormick
fills you in on Cox's statement and tells you about a new organization
aiming to stop zero-day exploits.

A Linux guru cautions that open source's growing popularity is attracting
the unwanted attention of more hackers. Meanwhile, a new organization aims
to stop zero-day exploits by making patches available sooner.

Details

Linux expert Alan Cox warned attendees of London's LinuxWorld conference
last week that hackers were putting a lot of money and effort into cracking
Linux and other open source projects
<http://articles.techrepublic.com.com/2100-1009_11-6129835.html>.
Cox, who works for Red Hat, was especially critical of uninformed media
statements about how open source software is more secure and reliable. While
some well-known open source projects are quite secure, the same doesn't hold
true for lesser known projects.

The veteran developer also took a shot at the European Commission's Software
Quality Observatory for Open Source Software (SQO-OSS). The newly launched
project aims to monitor the quality of open source development. It will
release the core code under the BSD license.

Several observers say that SQO-OSS, which boasts a 2.47 million Euro budget,
focuses on the wrong metrics of quality and security, particularly by
counting all bugs as equal. The overall goal of SQO-OSS is to improve the
acceptance and competitiveness of EU software development projects by
demonstrating their security. For a list of the project's goals, check out
this fact sheet <http://cordis.europa.eu/fetch?CALLER=PROJ_IST&ACTION=D&RCN=79362>.

Less than zero?

Increasingly concerned about businesses that are ignoring
cyberattacks until they reach the point of wide exploitation, security
experts have coined a new term—the "less than zero-day" attack. Zero-day
attacks are ones that take place between the time of an exploit's
publication and the release of the initial patch or antivirus/malware
signature.

But rather than waiting until "official" vendor patches become available, a
new online organization—the Zeroday Emergency Response Team (ZERT)
<http://isotf.org/zert/>—aims to release reliable non-vendor "emergency"
patches for exploits as soon as they appear to pose a serious risk of
exploitation.
Of special interest to many users may be the ZProtector framework for
patching zero-day vulnerabilities for Windows—beginning with Windows 95! As
you probably know, this range includes a number of platforms no longer
supported by Microsoft.

Although ZERT works with a number of security tool vendors, the organization
has no direct affiliation with any particular vendor. To see how ZERT
approaches emergency patching of zero-day threats as compared to the
official Microsoft patches, check out this ZERT analysis PDF document
<http://isotf.org/zert/papers/vml-details-20061004.pdf> of the recently
patched CVE-2006-4868
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4868> vulnerability.

Final word

It should be obvious that the growing adoption of Linux by many businesses
and government organizations means a lot of serious commercial hackers will
be turning their attention to exploiting any flaws they can locate. However,
it will likely take a number of public statements from respected Linux
developers to really draw attention to this fact.

And speaking of obvious, it should go without saying that cyberthreats are
most dangerous before an official patch is available. Unfortunately, many
network managers aren't paying enough attention to this reality—even though
their networks are the ones most at risk. I like the idea behind ZERT, but
the project is in its infancy. Only time will tell if ZERT really has the
solution.
------------------------------
Also watch for…

   - Microsoft <http://www.microsoft.com/windows/lifecycle/servicepacks.mspx>
   has announced plans to delay the much-needed Windows XP update
   <http://news.com.com/2100-1016_3-6127551.html> (Service Pack 3) until the
   first half of 2008. In other Microsoft news, two new vulnerabilities have
   surfaced in the newly released Internet Explorer 7: a spoofing flaw
   <http://articles.techrepublic.com.com/2100-1009_11-6129626.html> and a
   pop-up window flaw <http://news.com.com/2100-1002_3-6130614.html>.
   - Secunia has announced that it's now translating security advisories
   into German
   <http://corporate.secunia.com/products/48/New_Improvements_German_Advisories/>
   for German and Danish customers. (What about the Swiss and Austrians?)
   While computer security has traditionally been an all-English profession
   regardless of users' native languages, this security company has recognized
   that advisories are more accessible to more people when available in more
   languages. Secunia will continue to publish advisories in English first.

------------------------------

*John McCormick is a security consultant and well-known author in the field
of IT, with more than 17,000 published articles. He has written the IT
Locksmith column for TechRepublic for more than four years.*

-- 
Christopher M. Johnston
http://christopherjohnston.blogspot.com
http://www.ecademy.com/user/christopherjohnston
"If I had eight hours to chop down a tree, I'd spend six hours
sharpening my ax." - Abraham Lincoln
___________________
Nolug mailing list
nolug@nolug.org
Received on 11/02/06

This archive was generated by hypermail 2.2.0 : 12/19/08 EST