9:04 p.m.
Is this true? (for Linux)
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
Btw, I could not find any source other than this.
Thanks,
--
Danishka Navin
http://danishkanavin.blogspot.com
http://twitter.com/danishkanavin
http://www.flickr.com/photos/danishkanavin/
3:19 a.m.
On 02/09/12 03:04, Danishka Navin wrote:
Is this true? (for Linux)
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
Btw, I could not find any source other than this.
Thanks,
--
Danishka Navin
http://danishkanavin.blogspot.com
http://twitter.com/danishkanavin
http://www.flickr.com/photos/danishkanavin/
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
If it is, it just
reinforces that you cannot rely on anything for
security, because there is no such thing as a secure system, as long as
us filthy useless humans write code. Nobody in the linux community ever
made such promises any way.
Just keep updated, install and run clamav every so often, maybe install
and configure tripwire/aide, do not download dodgy stuff, follow and
click random dodgy links. Same applies to any other operating system really.
Compared to many other systems, GNU operating systems can still have
issues, but far less, and if they do the issue is fixed much quicker.
Not much else to say really apart from Keep Calm and carry on!
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
3:20 a.m.
This is a bunch of BS.
No direct links or hard evidence in the article. Even if there was, this is
a browser issue. Not an OS issue.
Dan
On Sun, Sep 2, 2012 at 1:19 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 02/09/12 03:04, Danishka Navin wrote:
> Is this true? (for Linux)
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>
> Btw, I could not find any source other than this.
>
> Thanks,
> --
> Danishka Navin
> http://danishkanavin.blogspot.com
> http://twitter.com/danishkanavin
> http://www.flickr.com/photos/danishkanavin/
>
>
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
If it is, it just reinforces that you cannot rely on anything for
security, because there is no such thing as a secure system, as long as
us filthy useless humans write code. Nobody in the linux community ever
made such promises any way.
Just keep updated, install and run clamav every so often, maybe install
and configure tripwire/aide, do not download dodgy stuff, follow and
click random dodgy links. Same applies to any other operating system
really.
Compared to many other systems, GNU operating systems can still have
issues, but far less, and if they do the issue is fixed much quicker.
Not much else to say really apart from Keep Calm and carry on!
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
3:31 a.m.
On 02/09/12 09:20, Dan Mashal wrote:
This is a bunch of BS.
No direct links or hard evidence in the article. Even if there was, this
is a browser issue. Not an OS issue.
Dan
On Sun, Sep 2, 2012 at 1:19 AM, Tristan Santore
<tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>> wrote:
On 02/09/12 03:04, Danishka Navin wrote:
> Is this true? (for Linux)
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>
> Btw, I could not find any source other than this.
>
> Thanks,
> --
> Danishka Navin
> http://danishkanavin.blogspot.com
> http://twitter.com/danishkanavin
> http://www.flickr.com/photos/danishkanavin/
>
>
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
If it is, it just reinforces that you cannot rely on anything for
security, because there is no such thing as a secure system, as long as
us filthy useless humans write code. Nobody in the linux community ever
made such promises any way.
Just keep updated, install and run clamav every so often, maybe install
and configure tripwire/aide, do not download dodgy stuff, follow and
click random dodgy links. Same applies to any other operating system
really.
Compared to many other systems, GNU operating systems can still have
issues, but far less, and if they do the issue is fixed much quicker.
Not much else to say really apart from Keep Calm and carry on!
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812 <tel:%2B44-78-55069812>
Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
As ambassador you
should know better to make such definitive statements.
fact is we do not know any facts yet, so please do not make such views
public, especially as ambassador. People with less experience will look
for your guidance. So, provide them with facts, not fiction or innuendo.
The fact is, there have been viruses and the like, affecting GNU linux
based systems before, however, thanks to the way GNU linux systems work,
such as privilege separation and a "secure" source of software, issues
are far reduced.
I believe there were no more than a few hand full of viruses affecting
GNU operating systems, however I never found any research document
stating factual relevant numbers.
The main issue are remotely exploitable loopholes, found in pretty much
any software that has a listening port open to the outside world.
Browsers of course are included in this as they go around to unverified
locations. So, this might be the most likely source of catching a cold,
so to speak. However, as we now all use Instant Messaging and silly
(anti)social-networking, email hosted by third-parties, etc.. you
sometimes get emails/instant messages from "friends", saying click here
or download this file, and it was not sent by your friend, even though
it came from his account. And there you go, you caught a cold.
So, by all means, do not assume stuff, because in most cases you will be
wrong.
It best to be vigilant and distrust everything, especially your own code
you are writing ;-p.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
3:33 a.m.
I'm not just an ambassador. I'm a Sysadmin too.
Have you heard of suckit rootkit and rst?
Times have changed.
Had there been links to CVEs and other articles with hard evidence my
response would have been different.
Besides! We have SELinux now! :D
Dan
On Sun, Sep 2, 2012 at 1:31 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 02/09/12 09:20, Dan Mashal wrote:
> This is a bunch of BS.
>
> No direct links or hard evidence in the article. Even if there was, this
> is a browser issue. Not an OS issue.
>
> Dan
>
> On Sun, Sep 2, 2012 at 1:19 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>> wrote:
>
> On 02/09/12 03:04, Danishka Navin wrote:
> > Is this true? (for Linux)
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> >
> > Btw, I could not find any source other than this.
> >
> > Thanks,
> > --
> > Danishka Navin
> > http://danishkanavin.blogspot.com
> > http://twitter.com/danishkanavin
> > http://www.flickr.com/photos/danishkanavin/
> >
> >
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> If it is, it just reinforces that you cannot rely on anything for
> security, because there is no such thing as a secure system, as long
as
> us filthy useless humans write code. Nobody in the linux community
ever
> made such promises any way.
>
> Just keep updated, install and run clamav every so often, maybe
install
> and configure tripwire/aide, do not download dodgy stuff, follow and
> click random dodgy links. Same applies to any other operating system
> really.
>
> Compared to many other systems, GNU operating systems can still have
> issues, but far less, and if they do the issue is fixed much quicker.
>
> Not much else to say really apart from Keep Calm and carry on!
>
>
> Regards,
>
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
As ambassador you should know better to make such definitive statements.
fact is we do not know any facts yet, so please do not make such views
public, especially as ambassador. People with less experience will look
for your guidance. So, provide them with facts, not fiction or innuendo.
The fact is, there have been viruses and the like, affecting GNU linux
based systems before, however, thanks to the way GNU linux systems work,
such as privilege separation and a "secure" source of software, issues
are far reduced.
I believe there were no more than a few hand full of viruses affecting
GNU operating systems, however I never found any research document
stating factual relevant numbers.
The main issue are remotely exploitable loopholes, found in pretty much
any software that has a listening port open to the outside world.
Browsers of course are included in this as they go around to unverified
locations. So, this might be the most likely source of catching a cold,
so to speak. However, as we now all use Instant Messaging and silly
(anti)social-networking, email hosted by third-parties, etc.. you
sometimes get emails/instant messages from "friends", saying click here
or download this file, and it was not sent by your friend, even though
it came from his account. And there you go, you caught a cold.
So, by all means, do not assume stuff, because in most cases you will be
wrong.
It best to be vigilant and distrust everything, especially your own code
you are writing ;-p.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
3:41 a.m.
On 02/09/12 09:33, Dan Mashal wrote:
I'm not just an ambassador. I'm a Sysadmin too.
Have you heard of suckit rootkit and rst?
Times have changed.
Had there been links to CVEs and other articles with hard evidence my
response would have been different.
Besides! We have SELinux now! :D
Dan
On Sun, Sep 2, 2012 at 1:31 AM, Tristan Santore
<tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>> wrote:
On 02/09/12 09:20, Dan Mashal wrote:
> This is a bunch of BS.
>
> No direct links or hard evidence in the article. Even if there
was, this
> is a browser issue. Not an OS issue.
>
> Dan
>
> On Sun, Sep 2, 2012 at 1:19 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>
> <mailto:tristan.santore@internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>>> wrote:
>
> On 02/09/12 03:04, Danishka Navin wrote:
> > Is this true? (for Linux)
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> >
> > Btw, I could not find any source other than this.
> >
> > Thanks,
> > --
> > Danishka Navin
> > http://danishkanavin.blogspot.com
> > http://twitter.com/danishkanavin
> > http://www.flickr.com/photos/danishkanavin/
> >
> >
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> If it is, it just reinforces that you cannot rely on anything for
> security, because there is no such thing as a secure system,
as long as
> us filthy useless humans write code. Nobody in the linux
community ever
> made such promises any way.
>
> Just keep updated, install and run clamav every so often,
maybe install
> and configure tripwire/aide, do not download dodgy stuff,
follow and
> click random dodgy links. Same applies to any other operating
system
> really.
>
> Compared to many other systems, GNU operating systems can
still have
> issues, but far less, and if they do the issue is fixed much
quicker.
>
> Not much else to say really apart from Keep Calm and carry on!
>
>
> Regards,
>
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
<tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
> <mailto:Tristan.Santore@internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
<mailto:TSantore@fedoraproject.org <mailto:TSantore@fedoraproject.org>>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
As ambassador you should know better to make such definitive statements.
fact is we do not know any facts yet, so please do not make such views
public, especially as ambassador. People with less experience will look
for your guidance. So, provide them with facts, not fiction or innuendo.
The fact is, there have been viruses and the like, affecting GNU linux
based systems before, however, thanks to the way GNU linux systems work,
such as privilege separation and a "secure" source of software, issues
are far reduced.
I believe there were no more than a few hand full of viruses affecting
GNU operating systems, however I never found any research document
stating factual relevant numbers.
The main issue are remotely exploitable loopholes, found in pretty much
any software that has a listening port open to the outside world.
Browsers of course are included in this as they go around to unverified
locations. So, this might be the most likely source of catching a cold,
so to speak. However, as we now all use Instant Messaging and silly
(anti)social-networking, email hosted by third-parties, etc.. you
sometimes get emails/instant messages from "friends", saying click here
or download this file, and it was not sent by your friend, even though
it came from his account. And there you go, you caught a cold.
So, by all means, do not assume stuff, because in most cases you will be
wrong.
It best to be vigilant and distrust everything, especially your own code
you are writing ;-p.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812 <tel:%2B44-78-55069812>
Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
If you believe selinux
prevents exploits, then you also factually
incorrect. Selinux contains exploits and limits impact. Again, you are
making assumptions. Please do not do that! Also, the fact that there are
"kits with exploits" is quite irrelevant. What is relevant is, that no
software is 100% secure, if anything the notion back in the day that
image/video formats could not be exploited, also proved incorrect.
So you see, nothing is secure, nothing will probably ever be 100%
secure. Because we are human, we make errors and as such machines make
them too.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
3:49 a.m.
I was being 100% sarcastic about SELinux.
On Sun, Sep 2, 2012 at 1:41 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 02/09/12 09:33, Dan Mashal wrote:
> I'm not just an ambassador. I'm a Sysadmin too.
>
> Have you heard of suckit rootkit and rst?
>
> Times have changed.
>
> Had there been links to CVEs and other articles with hard evidence my
> response would have been different.
>
> Besides! We have SELinux now! :D
>
> Dan
>
> On Sun, Sep 2, 2012 at 1:31 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>> wrote:
>
> On 02/09/12 09:20, Dan Mashal wrote:
> > This is a bunch of BS.
> >
> > No direct links or hard evidence in the article. Even if there
> was, this
> > is a browser issue. Not an OS issue.
> >
> > Dan
> >
> > On Sun, Sep 2, 2012 at 1:19 AM, Tristan Santore
> > <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>
> > <mailto:tristan.santore@internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>>> wrote:
> >
> > On 02/09/12 03:04, Danishka Navin wrote:
> > > Is this true? (for Linux)
> > >
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> > >
> > > Btw, I could not find any source other than this.
> > >
> > > Thanks,
> > > --
> > > Danishka Navin
> > > http://danishkanavin.blogspot.com
> > > http://twitter.com/danishkanavin
> > > http://www.flickr.com/photos/danishkanavin/
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > If it is, it just reinforces that you cannot rely on anything
for
> > security, because there is no such thing as a secure system,
> as long as
> > us filthy useless humans write code. Nobody in the linux
> community ever
> > made such promises any way.
> >
> > Just keep updated, install and run clamav every so often,
> maybe install
> > and configure tripwire/aide, do not download dodgy stuff,
> follow and
> > click random dodgy links. Same applies to any other operating
> system
> > really.
> >
> > Compared to many other systems, GNU operating systems can
> still have
> > issues, but far less, and if they do the issue is fixed much
> quicker.
> >
> > Not much else to say really apart from Keep Calm and carry on!
> >
> >
> > Regards,
> >
> > Tristan
> >
> > --
> > Tristan Santore BSc MBCS
> > TS4523-RIPE
> > Network and Infrastructure Operations
> > InterNexusConnect
> > Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> <tel:%2B44-78-55069812>
> > Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
> > <mailto:Tristan.Santore@internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>>
> >
> > Former Thawte Notary
> > (Please note: Thawte has closed its WoT programme down,
> > and I am therefore no longer able to accredit trust)
> >
> > For Fedora related issues, please email me at:
> > TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> <mailto:TSantore@fedoraproject.org <mailto:
TSantore(a)fedoraproject.org>>
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> As ambassador you should know better to make such definitive
statements.
> fact is we do not know any facts yet, so please do not make such
views
> public, especially as ambassador. People with less experience will
look
> for your guidance. So, provide them with facts, not fiction or
innuendo.
>
> The fact is, there have been viruses and the like, affecting GNU
linux
> based systems before, however, thanks to the way GNU linux systems
work,
> such as privilege separation and a "secure" source of software,
issues
> are far reduced.
>
> I believe there were no more than a few hand full of viruses
affecting
> GNU operating systems, however I never found any research document
> stating factual relevant numbers.
> The main issue are remotely exploitable loopholes, found in pretty
much
> any software that has a listening port open to the outside world.
> Browsers of course are included in this as they go around to
unverified
> locations. So, this might be the most likely source of catching a
cold,
> so to speak. However, as we now all use Instant Messaging and silly
> (anti)social-networking, email hosted by third-parties, etc.. you
> sometimes get emails/instant messages from "friends", saying click
here
> or download this file, and it was not sent by your friend, even
though
> it came from his account. And there you go, you caught a cold.
>
> So, by all means, do not assume stuff, because in most cases you
will be
> wrong.
>
> It best to be vigilant and distrust everything, especially your own
code
> you are writing ;-p.
>
> Regards,
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
If you believe selinux prevents exploits, then you also factually
incorrect. Selinux contains exploits and limits impact. Again, you are
making assumptions. Please do not do that! Also, the fact that there are
"kits with exploits" is quite irrelevant. What is relevant is, that no
software is 100% secure, if anything the notion back in the day that
image/video formats could not be exploited, also proved incorrect.
So you see, nothing is secure, nothing will probably ever be 100%
secure. Because we are human, we make errors and as such machines make
them too.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
6:22 a.m.
I think a lot vuln about DDos on kernel or software that can solved with
update your system (built) patchs. And know about Java too that can be
opened door for exploits and daemons runs on shadows. About trojans on
Linux... dont know. All software is downloaded of repos or .tar directly...
Maybe passes such as Debian with OpenSSL (never be sure.)
Is true that 100% is not exist on security. If you have paranoia, try
OpenBSD, but remember, never be sure with something built by human as have
said this.
On Sep 2, 2012 3:05 AM, "Danishka Navin" <danishka(a)gmail.com> wrote:
Is this true? (for Linux)
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
Btw, I could not find any source other than this.
Thanks,
--
Danishka Navin
http://danishkanavin.blogspot.com
http://twitter.com/danishkanavin
http://www.flickr.com/photos/danishkanavin/
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
6:26 a.m.
Really the only ways to get in are the following:
1) CVEs on the packages in the stable repo
2) Vulnerabilities in software such as web browsers
3) Sniffing unecnrypted data
4) dictionary attacks
5) network scanning/port vulnerabilities
6) Pushing out fake updates with back doors.
Again, that was the god old days.
Dan
On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo <netsys(a)fedoraproject.org>wrote:
I think a lot vuln about DDos on kernel or software that can solved
with
update your system (built) patchs. And know about Java too that can be
opened door for exploits and daemons runs on shadows. About trojans on
Linux... dont know. All software is downloaded of repos or .tar directly...
Maybe passes such as Debian with OpenSSL (never be sure.)
Is true that 100% is not exist on security. If you have paranoia, try
OpenBSD, but remember, never be sure with something built by human as have
said this.
On Sep 2, 2012 3:05 AM, "Danishka Navin" <danishka(a)gmail.com> wrote:
> Is this true? (for Linux)
>
> http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>
> Btw, I could not find any source other than this.
>
> Thanks,
> --
> Danishka Navin
> http://danishkanavin.blogspot.com
> http://twitter.com/danishkanavin
> http://www.flickr.com/photos/danishkanavin/
>
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
11:23 a.m.
I believe the OP was referring to this (?):
http://www.f-secure.com/weblog/archives/00002400.html
It's from July, but I keep seeing the same news appear on different sites.
I do believe they are all referring to the above link.
That is unless the kit has been taken, modified, adapted, evolved,
etc... into something new.
Best regards,
-Jon
On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal(a)gmail.com> wrote:
Really the only ways to get in are the following:
1) CVEs on the packages in the stable repo
2) Vulnerabilities in software such as web browsers
3) Sniffing unecnrypted data
4) dictionary attacks
5) network scanning/port vulnerabilities
6) Pushing out fake updates with back doors.
Again, that was the god old days.
Dan
On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo <netsys(a)fedoraproject.org>
wrote:
>
> I think a lot vuln about DDos on kernel or software that can solved with
> update your system (built) patchs. And know about Java too that can be
> opened door for exploits and daemons runs on shadows. About trojans on
> Linux... dont know. All software is downloaded of repos or .tar directly...
> Maybe passes such as Debian with OpenSSL (never be sure.)
>
> Is true that 100% is not exist on security. If you have paranoia, try
> OpenBSD, but remember, never be sure with something built by human as have
> said this.
>
> On Sep 2, 2012 3:05 AM, "Danishka Navin" <danishka(a)gmail.com> wrote:
>>
>> Is this true? (for Linux)
>>
>> http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>>
>> Btw, I could not find any source other than this.
>>
>> Thanks,
>> --
>> Danishka Navin
>> http://danishkanavin.blogspot.com
>> http://twitter.com/danishkanavin
>> http://www.flickr.com/photos/danishkanavin/
>>
>>
>>
--
-Jon
12:17 a.m.
I think this is a bigger deal:
https://bugzilla.redhat.com/show_bug.cgi?id=852051
Dan
On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com> wrote:
I believe the OP was referring to this (?):
http://www.f-secure.com/weblog/archives/00002400.html
It's from July, but I keep seeing the same news appear on different sites.
I do believe they are all referring to the above link.
That is unless the kit has been taken, modified, adapted, evolved,
etc... into something new.
Best regards,
-Jon
On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal(a)gmail.com> wrote:
> Really the only ways to get in are the following:
>
> 1) CVEs on the packages in the stable repo
> 2) Vulnerabilities in software such as web browsers
> 3) Sniffing unecnrypted data
> 4) dictionary attacks
> 5) network scanning/port vulnerabilities
> 6) Pushing out fake updates with back doors.
>
> Again, that was the god old days.
>
> Dan
>
>
> On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo <
netsys(a)fedoraproject.org>
> wrote:
>>
>> I think a lot vuln about DDos on kernel or software that can solved with
>> update your system (built) patchs. And know about Java too that can be
>> opened door for exploits and daemons runs on shadows. About trojans on
>> Linux... dont know. All software is downloaded of repos or .tar
directly...
>> Maybe passes such as Debian with OpenSSL (never be sure.)
>>
>> Is true that 100% is not exist on security. If you have paranoia, try
>> OpenBSD, but remember, never be sure with something built by human as
have
>> said this.
>>
>> On Sep 2, 2012 3:05 AM, "Danishka Navin" <danishka(a)gmail.com>
wrote:
>>>
>>> Is this true? (for Linux)
>>>
>>>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>>>
>>> Btw, I could not find any source other than this.
>>>
>>> Thanks,
>>> --
>>> Danishka Navin
>>> http://danishkanavin.blogspot.com
>>> http://twitter.com/danishkanavin
>>> http://www.flickr.com/photos/danishkanavin/
>>>
>>>
>>>
--
-Jon
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
5:39 a.m.
You see these is Java but free. On Java always exist bugs, exploits,
trojans.... Difference Java Oracle between OpenJDK avoid one is privative
and other is free. Is speed fixing issues.
On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal(a)gmail.com> wrote:
I think this is a bigger deal:
https://bugzilla.redhat.com/show_bug.cgi?id=852051
Dan
On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com> wrote:
> I believe the OP was referring to this (?):
>
> http://www.f-secure.com/weblog/archives/00002400.html
>
> It's from July, but I keep seeing the same news appear on different sites.
> I do believe they are all referring to the above link.
> That is unless the kit has been taken, modified, adapted, evolved,
> etc... into something new.
>
>
> Best regards,
> -Jon
>
>
>
>
> On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal(a)gmail.com> wrote:
> > Really the only ways to get in are the following:
> >
> > 1) CVEs on the packages in the stable repo
> > 2) Vulnerabilities in software such as web browsers
> > 3) Sniffing unecnrypted data
> > 4) dictionary attacks
> > 5) network scanning/port vulnerabilities
> > 6) Pushing out fake updates with back doors.
> >
> > Again, that was the god old days.
> >
> > Dan
> >
> >
> > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo <
> netsys(a)fedoraproject.org>
> > wrote:
> >>
> >> I think a lot vuln about DDos on kernel or software that can solved
> with
> >> update your system (built) patchs. And know about Java too that can be
> >> opened door for exploits and daemons runs on shadows. About trojans on
> >> Linux... dont know. All software is downloaded of repos or .tar
> directly...
> >> Maybe passes such as Debian with OpenSSL (never be sure.)
> >>
> >> Is true that 100% is not exist on security. If you have paranoia, try
> >> OpenBSD, but remember, never be sure with something built by human as
> have
> >> said this.
> >>
> >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
<danishka(a)gmail.com> wrote:
> >>>
> >>> Is this true? (for Linux)
> >>>
> >>>
> http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> >>>
> >>> Btw, I could not find any source other than this.
> >>>
> >>> Thanks,
> >>> --
> >>> Danishka Navin
> >>> http://danishkanavin.blogspot.com
> >>> http://twitter.com/danishkanavin
> >>> http://www.flickr.com/photos/danishkanavin/
> >>>
> >>>
> >>>
>
>
> --
>
> -Jon
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
8:46 a.m.
On 03/09/12 11:39, Álvaro Castillo wrote:
You see these is Java but free. On Java always exist bugs, exploits,
trojans.... Difference Java Oracle between OpenJDK avoid one is
privative and other is free. Is speed fixing issues.
On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal(a)gmail.com
<mailto:dan.mashal@gmail.com>> wrote:
I think this is a bigger deal:
https://bugzilla.redhat.com/show_bug.cgi?id=852051
Dan
On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
<mailto:jdisnard@gmail.com>> wrote:
I believe the OP was referring to this (?):
http://www.f-secure.com/weblog/archives/00002400.html
It's from July, but I keep seeing the same news appear on
different sites.
I do believe they are all referring to the above link.
That is unless the kit has been taken, modified, adapted, evolved,
etc... into something new.
Best regards,
-Jon
On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal(a)gmail.com
<mailto:dan.mashal@gmail.com>> wrote:
> Really the only ways to get in are the following:
>
> 1) CVEs on the packages in the stable repo
> 2) Vulnerabilities in software such as web browsers
> 3) Sniffing unecnrypted data
> 4) dictionary attacks
> 5) network scanning/port vulnerabilities
> 6) Pushing out fake updates with back doors.
>
> Again, that was the god old days.
>
> Dan
>
>
> On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
<netsys(a)fedoraproject.org <mailto:netsys@fedoraproject.org>>
> wrote:
>>
>> I think a lot vuln about DDos on kernel or software that can
solved with
>> update your system (built) patchs. And know about Java too
that can be
>> opened door for exploits and daemons runs on shadows. About
trojans on
>> Linux... dont know. All software is downloaded of repos or
.tar directly...
>> Maybe passes such as Debian with OpenSSL (never be sure.)
>>
>> Is true that 100% is not exist on security. If you have
paranoia, try
>> OpenBSD, but remember, never be sure with something built by
human as have
>> said this.
>>
>> On Sep 2, 2012 3:05 AM, "Danishka Navin"
<danishka(a)gmail.com
<mailto:danishka@gmail.com>> wrote:
>>>
>>> Is this true? (for Linux)
>>>
>>>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
>>>
>>> Btw, I could not find any source other than this.
>>>
>>> Thanks,
>>> --
>>> Danishka Navin
>>> http://danishkanavin.blogspot.com
>>> http://twitter.com/danishkanavin
>>> http://www.flickr.com/photos/danishkanavin/
>>>
>>>
>>>
--
-Jon
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
These issues are now
fixed. packages have just been pushed out, so
please can be now close this thread. It is not in the right place any way.
Thank you.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
8:47 a.m.
This is not a "bug" thread, it's a discussion thread.
Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that hole
is closed.
Thanks.
Dan
On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 03/09/12 11:39, Álvaro Castillo wrote:
> You see these is Java but free. On Java always exist bugs, exploits,
> trojans.... Difference Java Oracle between OpenJDK avoid one is
> privative and other is free. Is speed fixing issues.
>
> On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal(a)gmail.com
> <mailto:dan.mashal@gmail.com>> wrote:
>
> I think this is a bigger deal:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=852051
>
> Dan
>
> On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
> <mailto:jdisnard@gmail.com>> wrote:
>
> I believe the OP was referring to this (?):
>
> http://www.f-secure.com/weblog/archives/00002400.html
>
> It's from July, but I keep seeing the same news appear on
> different sites.
> I do believe they are all referring to the above link.
> That is unless the kit has been taken, modified, adapted,
evolved,
> etc... into something new.
>
>
> Best regards,
> -Jon
>
>
>
>
> On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal(a)gmail.com
> <mailto:dan.mashal@gmail.com>> wrote:
> > Really the only ways to get in are the following:
> >
> > 1) CVEs on the packages in the stable repo
> > 2) Vulnerabilities in software such as web browsers
> > 3) Sniffing unecnrypted data
> > 4) dictionary attacks
> > 5) network scanning/port vulnerabilities
> > 6) Pushing out fake updates with back doors.
> >
> > Again, that was the god old days.
> >
> > Dan
> >
> >
> > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> <netsys(a)fedoraproject.org <mailto:netsys@fedoraproject.org>>
> > wrote:
> >>
> >> I think a lot vuln about DDos on kernel or software that can
> solved with
> >> update your system (built) patchs. And know about Java too
> that can be
> >> opened door for exploits and daemons runs on shadows. About
> trojans on
> >> Linux... dont know. All software is downloaded of repos or
> .tar directly...
> >> Maybe passes such as Debian with OpenSSL (never be sure.)
> >>
> >> Is true that 100% is not exist on security. If you have
> paranoia, try
> >> OpenBSD, but remember, never be sure with something built by
> human as have
> >> said this.
> >>
> >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
<danishka(a)gmail.com
> <mailto:danishka@gmail.com>> wrote:
> >>>
> >>> Is this true? (for Linux)
> >>>
> >>>
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> >>>
> >>> Btw, I could not find any source other than this.
> >>>
> >>> Thanks,
> >>> --
> >>> Danishka Navin
> >>> http://danishkanavin.blogspot.com
> >>> http://twitter.com/danishkanavin
> >>> http://www.flickr.com/photos/danishkanavin/
> >>>
> >>>
> >>>
>
>
> --
>
> -Jon
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
These issues are now fixed. packages have just been pushed out, so
please can be now close this thread. It is not in the right place any way.
Thank you.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
8:50 a.m.
On 03/09/12 14:47, Dan Mashal wrote:
This is not a "bug" thread, it's a discussion thread.
Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that
hole is closed.
Thanks.
Dan
On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
<tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>> wrote:
On 03/09/12 11:39, Álvaro Castillo wrote:
> You see these is Java but free. On Java always exist bugs, exploits,
> trojans.... Difference Java Oracle between OpenJDK avoid one is
> privative and other is free. Is speed fixing issues.
>
> On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal(a)gmail.com
<mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>>
wrote:
>
> I think this is a bigger deal:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=852051
>
> Dan
>
> On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
<mailto:jdisnard@gmail.com>
> <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>>
wrote:
>
> I believe the OP was referring to this (?):
>
> http://www.f-secure.com/weblog/archives/00002400.html
>
> It's from July, but I keep seeing the same news appear on
> different sites.
> I do believe they are all referring to the above link.
> That is unless the kit has been taken, modified, adapted,
evolved,
> etc... into something new.
>
>
> Best regards,
> -Jon
>
>
>
>
> On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
<dan.mashal(a)gmail.com <mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>> wrote:
> > Really the only ways to get in are the following:
> >
> > 1) CVEs on the packages in the stable repo
> > 2) Vulnerabilities in software such as web browsers
> > 3) Sniffing unecnrypted data
> > 4) dictionary attacks
> > 5) network scanning/port vulnerabilities
> > 6) Pushing out fake updates with back doors.
> >
> > Again, that was the god old days.
> >
> > Dan
> >
> >
> > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> <netsys(a)fedoraproject.org
<mailto:netsys@fedoraproject.org> <mailto:netsys@fedoraproject.org
<mailto:netsys@fedoraproject.org>>>
> > wrote:
> >>
> >> I think a lot vuln about DDos on kernel or software
that can
> solved with
> >> update your system (built) patchs. And know about Java too
> that can be
> >> opened door for exploits and daemons runs on shadows. About
> trojans on
> >> Linux... dont know. All software is downloaded of repos or
> .tar directly...
> >> Maybe passes such as Debian with OpenSSL (never be sure.)
> >>
> >> Is true that 100% is not exist on security. If you have
> paranoia, try
> >> OpenBSD, but remember, never be sure with something
built by
> human as have
> >> said this.
> >>
> >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
<danishka(a)gmail.com <mailto:danishka@gmail.com>
> <mailto:danishka@gmail.com <mailto:danishka@gmail.com>>>
wrote:
> >>>
> >>> Is this true? (for Linux)
> >>>
> >>>
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> >>>
> >>> Btw, I could not find any source other than this.
> >>>
> >>> Thanks,
> >>> --
> >>> Danishka Navin
> >>> http://danishkanavin.blogspot.com
> >>> http://twitter.com/danishkanavin
> >>> http://www.flickr.com/photos/danishkanavin/
> >>>
> >>>
> >>>
>
>
> --
>
> -Jon
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
These issues are now fixed. packages have just been pushed out, so
please can be now close this thread. It is not in the right place
any way.
Thank you.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812 <tel:%2B44-78-55069812>
Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
This does not really
belong on the ambassadors list! The only reason why
I even responded to any of this in the beginning, was to stop any kind
of disinformation about Fedora being insecure, from spreading out.
People tend to believe any kind of little snippet of disinformation.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
8:52 a.m.
If you really think Fedora, or any other OS is bullet proof, you've got
other issues.
In fact in my original reply I said that this was a bunch of BS.
Someone actually came in to #Fedora last night and mentioned the Java
security flaw, which is an actual real flaw that is cross platform
(Windows,OSX,Unix).
Thanks,
Dan
On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 03/09/12 14:47, Dan Mashal wrote:
> This is not a "bug" thread, it's a discussion thread.
>
> Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that
> hole is closed.
>
> Thanks.
>
> Dan
>
> On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>> wrote:
>
> On 03/09/12 11:39, Álvaro Castillo wrote:
> > You see these is Java but free. On Java always exist bugs,
exploits,
> > trojans.... Difference Java Oracle between OpenJDK avoid one is
> > privative and other is free. Is speed fixing issues.
> >
> > On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal(a)gmail.com
> <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>>
wrote:
> >
> > I think this is a bigger deal:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=852051
> >
> > Dan
> >
> > On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
> <mailto:jdisnard@gmail.com>
> > <mailto:jdisnard@gmail.com
<mailto:jdisnard@gmail.com>>>
wrote:
> >
> > I believe the OP was referring to this (?):
> >
> > http://www.f-secure.com/weblog/archives/00002400.html
> >
> > It's from July, but I keep seeing the same news appear on
> > different sites.
> > I do believe they are all referring to the above link.
> > That is unless the kit has been taken, modified, adapted,
> evolved,
> > etc... into something new.
> >
> >
> > Best regards,
> > -Jon
> >
> >
> >
> >
> > On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
> <dan.mashal(a)gmail.com <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
> <mailto:dan.mashal@gmail.com>>> wrote:
> > > Really the only ways to get in are the following:
> > >
> > > 1) CVEs on the packages in the stable repo
> > > 2) Vulnerabilities in software such as web browsers
> > > 3) Sniffing unecnrypted data
> > > 4) dictionary attacks
> > > 5) network scanning/port vulnerabilities
> > > 6) Pushing out fake updates with back doors.
> > >
> > > Again, that was the god old days.
> > >
> > > Dan
> > >
> > >
> > > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> > <netsys(a)fedoraproject.org
> <mailto:netsys@fedoraproject.org> <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>>>
> > > wrote:
> > >>
> > >> I think a lot vuln about DDos on kernel or software
> that can
> > solved with
> > >> update your system (built) patchs. And know about Java
too
> > that can be
> > >> opened door for exploits and daemons runs on shadows.
About
> > trojans on
> > >> Linux... dont know. All software is downloaded of repos
or
> > .tar directly...
> > >> Maybe passes such as Debian with OpenSSL (never be
sure.)
> > >>
> > >> Is true that 100% is not exist on security. If you have
> > paranoia, try
> > >> OpenBSD, but remember, never be sure with something
> built by
> > human as have
> > >> said this.
> > >>
> > >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
> <danishka(a)gmail.com <mailto:danishka@gmail.com>
> > <mailto:danishka@gmail.com
<mailto:danishka@gmail.com>>>
> wrote:
> > >>>
> > >>> Is this true? (for Linux)
> > >>>
> > >>>
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> > >>>
> > >>> Btw, I could not find any source other than this.
> > >>>
> > >>> Thanks,
> > >>> --
> > >>> Danishka Navin
> > >>> http://danishkanavin.blogspot.com
> > >>> http://twitter.com/danishkanavin
> > >>> http://www.flickr.com/photos/danishkanavin/
> > >>>
> > >>>
> > >>>
> >
> >
> > --
> >
> > -Jon
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> These issues are now fixed. packages have just been pushed out, so
> please can be now close this thread. It is not in the right place
> any way.
>
> Thank you.
>
> Regards,
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
This does not really belong on the ambassadors list! The only reason why
I even responded to any of this in the beginning, was to stop any kind
of disinformation about Fedora being insecure, from spreading out.
People tend to believe any kind of little snippet of disinformation.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
8:56 a.m.
On 03/09/12 14:52, Dan Mashal wrote:
If you really think Fedora, or any other OS is bullet proof,
you've got
other issues.
In fact in my original reply I said that this was a bunch of BS.
Someone actually came in to #Fedora last night and mentioned the Java
security flaw, which is an actual real flaw that is cross platform
(Windows,OSX,Unix).
Thanks,
Dan
On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore
<tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>> wrote:
On 03/09/12 14:47, Dan Mashal wrote:
> This is not a "bug" thread, it's a discussion thread.
>
> Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that
> hole is closed.
>
> Thanks.
>
> Dan
>
> On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>
> <mailto:tristan.santore@internexusconnect.net
<mailto:tristan.santore@internexusconnect.net>>> wrote:
>
> On 03/09/12 11:39, Álvaro Castillo wrote:
> > You see these is Java but free. On Java always exist bugs,
exploits,
> > trojans.... Difference Java Oracle between OpenJDK avoid one is
> > privative and other is free. Is speed fixing issues.
> >
> > On Sep 3, 2012 6:17 AM, "Dan Mashal"
<dan.mashal(a)gmail.com
<mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>
> > <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>
<mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>>>
wrote:
> >
> > I think this is a bigger deal:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=852051
> >
> > Dan
> >
> > On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
<mailto:jdisnard@gmail.com>
> <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>
> > <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>
<mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>>> wrote:
> >
> > I believe the OP was referring to this (?):
> >
> > http://www.f-secure.com/weblog/archives/00002400.html
> >
> > It's from July, but I keep seeing the same news
appear on
> > different sites.
> > I do believe they are all referring to the above link.
> > That is unless the kit has been taken, modified,
adapted,
> evolved,
> > etc... into something new.
> >
> >
> > Best regards,
> > -Jon
> >
> >
> >
> >
> > On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
> <dan.mashal(a)gmail.com <mailto:dan.mashal@gmail.com>
<mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>>>
wrote:
> > > Really the only ways to get in are the following:
> > >
> > > 1) CVEs on the packages in the stable repo
> > > 2) Vulnerabilities in software such as web browsers
> > > 3) Sniffing unecnrypted data
> > > 4) dictionary attacks
> > > 5) network scanning/port vulnerabilities
> > > 6) Pushing out fake updates with back doors.
> > >
> > > Again, that was the god old days.
> > >
> > > Dan
> > >
> > >
> > > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> > <netsys(a)fedoraproject.org
<mailto:netsys@fedoraproject.org>
> <mailto:netsys@fedoraproject.org
<mailto:netsys@fedoraproject.org>> <mailto:netsys@fedoraproject.org
<mailto:netsys@fedoraproject.org>
> <mailto:netsys@fedoraproject.org
<mailto:netsys@fedoraproject.org>>>>
> > > wrote:
> > >>
> > >> I think a lot vuln about DDos on kernel or software
> that can
> > solved with
> > >> update your system (built) patchs. And know about
Java too
> > that can be
> > >> opened door for exploits and daemons runs on
shadows. About
> > trojans on
> > >> Linux... dont know. All software is downloaded of
repos or
> > .tar directly...
> > >> Maybe passes such as Debian with OpenSSL (never
be sure.)
> > >>
> > >> Is true that 100% is not exist on security. If
you have
> > paranoia, try
> > >> OpenBSD, but remember, never be sure with something
> built by
> > human as have
> > >> said this.
> > >>
> > >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
> <danishka(a)gmail.com <mailto:danishka@gmail.com>
<mailto:danishka@gmail.com <mailto:danishka@gmail.com>>
> > <mailto:danishka@gmail.com
<mailto:danishka@gmail.com> <mailto:danishka@gmail.com
<mailto:danishka@gmail.com>>>>
> wrote:
> > >>>
> > >>> Is this true? (for Linux)
> > >>>
> > >>>
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> > >>>
> > >>> Btw, I could not find any source other than this.
> > >>>
> > >>> Thanks,
> > >>> --
> > >>> Danishka Navin
> > >>> http://danishkanavin.blogspot.com
> > >>> http://twitter.com/danishkanavin
> > >>> http://www.flickr.com/photos/danishkanavin/
> > >>>
> > >>>
> > >>>
> >
> >
> > --
> >
> > -Jon
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> > <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>>
> >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> > <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> These issues are now fixed. packages have just been pushed out, so
> please can be now close this thread. It is not in the right place
> any way.
>
> Thank you.
>
> Regards,
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
<tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
> <mailto:Tristan.Santore@internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
<mailto:TSantore@fedoraproject.org <mailto:TSantore@fedoraproject.org>>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> <mailto:ambassadors@lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
This does not really belong on the ambassadors list! The only reason why
I even responded to any of this in the beginning, was to stop any kind
of disinformation about Fedora being insecure, from spreading out.
People tend to believe any kind of little snippet of disinformation.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812 <tel:%2B44-78-55069812>
Tristan.Santore(a)internexusconnect.net
<mailto:Tristan.Santore@internexusconnect.net>
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
<mailto:ambassadors@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
Irrelevant. Not what I
ever suggested any way. But this is still the
ambassadors list, not the security list. And even on the security list,
this was a known issue for a week. So, even then it would have been
irrelevant by then.
So, maybe we can let this list come back to on topic posts now.
Thank you.
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
9:04 a.m.
Whether it's the security list or the social list or the arm list or the
marketing, people should know. We've got way too much fragmentation in my
opinion.
I didn't know until last night.
And the article in the original email of this thread is very vague.
Maybe we should have some kind of "fedora-news" list for important topics
such as this instead of 50 specific "on topic" lists. I don't know.
It's
quite alarming and it feels like there is too much information to keep up
with to stay up to date.
--
So you guys on the security list knew about it for a week, does that mean
I should have been subscribed to the security list or just psychically know
about this cross platform security flaw that is huge, or subscribe to the
CVE mailing list, or read every single article on Slashdot?
The java hole is going to affect tons of people regardless of what OS their
on.
The hypocrisy is amazing sometimes.
Honestly, you sound like an Oracle/Sun employee trying to cover up a Java
flaw right now (I know you're not).. I really don't know what to think.
My main point here is people have a right to discuss any topic they feel
necessary. Yes, I agree with you: the ambassadors list probably wasn't the
right place for it, but I'm glad somebody sent something and I saw someone
bring it up in #Fedora otherwise I wouldn't have known.
Welcome to the information age.
Dan
On Mon, Sep 3, 2012 at 6:56 AM, Tristan Santore <
tristan.santore(a)internexusconnect.net> wrote:
On 03/09/12 14:52, Dan Mashal wrote:
> If you really think Fedora, or any other OS is bullet proof, you've got
> other issues.
>
> In fact in my original reply I said that this was a bunch of BS.
>
> Someone actually came in to #Fedora last night and mentioned the Java
> security flaw, which is an actual real flaw that is cross platform
> (Windows,OSX,Unix).
>
> Thanks,
> Dan
>
> On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore
> <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>> wrote:
>
> On 03/09/12 14:47, Dan Mashal wrote:
> > This is not a "bug" thread, it's a discussion thread.
> >
> > Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit
that
> > hole is closed.
> >
> > Thanks.
> >
> > Dan
> >
> > On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> > <tristan.santore(a)internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>
> > <mailto:tristan.santore@internexusconnect.net
> <mailto:tristan.santore@internexusconnect.net>>> wrote:
> >
> > On 03/09/12 11:39, Álvaro Castillo wrote:
> > > You see these is Java but free. On Java always exist bugs,
> exploits,
> > > trojans.... Difference Java Oracle between OpenJDK avoid one
is
> > > privative and other is free. Is speed fixing issues.
> > >
> > > On Sep 3, 2012 6:17 AM, "Dan Mashal"
<dan.mashal(a)gmail.com
> <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>
> > > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>>>
wrote:
> > >
> > > I think this is a bigger deal:
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=852051
> > >
> > > Dan
> > >
> > > On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard(a)gmail.com
> <mailto:jdisnard@gmail.com>
> > <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>
> > > <mailto:jdisnard@gmail.com
<mailto:jdisnard@gmail.com>
> <mailto:jdisnard@gmail.com <mailto:jdisnard@gmail.com>>>>
wrote:
> > >
> > > I believe the OP was referring to this (?):
> > >
> > >
http://www.f-secure.com/weblog/archives/00002400.html
> > >
> > > It's from July, but I keep seeing the same news
> appear on
> > > different sites.
> > > I do believe they are all referring to the above
link.
> > > That is unless the kit has been taken, modified,
> adapted,
> > evolved,
> > > etc... into something new.
> > >
> > >
> > > Best regards,
> > > -Jon
> > >
> > >
> > >
> > >
> > > On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
> > <dan.mashal(a)gmail.com <mailto:dan.mashal@gmail.com>
> <mailto:dan.mashal@gmail.com <mailto:dan.mashal@gmail.com>>
> > > <mailto:dan.mashal@gmail.com
> <mailto:dan.mashal@gmail.com>
> > <mailto:dan.mashal@gmail.com
<mailto:dan.mashal@gmail.com>>>>
> wrote:
> > > > Really the only ways to get in are the following:
> > > >
> > > > 1) CVEs on the packages in the stable repo
> > > > 2) Vulnerabilities in software such as web
browsers
> > > > 3) Sniffing unecnrypted data
> > > > 4) dictionary attacks
> > > > 5) network scanning/port vulnerabilities
> > > > 6) Pushing out fake updates with back doors.
> > > >
> > > > Again, that was the god old days.
> > > >
> > > > Dan
> > > >
> > > >
> > > > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> > > <netsys(a)fedoraproject.org
> <mailto:netsys@fedoraproject.org>
> > <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>> <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>
> > <mailto:netsys@fedoraproject.org
> <mailto:netsys@fedoraproject.org>>>>
> > > > wrote:
> > > >>
> > > >> I think a lot vuln about DDos on kernel or
software
> > that can
> > > solved with
> > > >> update your system (built) patchs. And know
about
> Java too
> > > that can be
> > > >> opened door for exploits and daemons runs on
> shadows. About
> > > trojans on
> > > >> Linux... dont know. All software is downloaded
of
> repos or
> > > .tar directly...
> > > >> Maybe passes such as Debian with OpenSSL (never
> be sure.)
> > > >>
> > > >> Is true that 100% is not exist on security. If
> you have
> > > paranoia, try
> > > >> OpenBSD, but remember, never be sure with
something
> > built by
> > > human as have
> > > >> said this.
> > > >>
> > > >> On Sep 2, 2012 3:05 AM, "Danishka
Navin"
> > <danishka(a)gmail.com <mailto:danishka@gmail.com>
> <mailto:danishka@gmail.com <mailto:danishka@gmail.com>>
> > > <mailto:danishka@gmail.com
> <mailto:danishka@gmail.com> <mailto:danishka@gmail.com
> <mailto:danishka@gmail.com>>>>
> > wrote:
> > > >>>
> > > >>> Is this true? (for Linux)
> > > >>>
> > > >>>
> > >
> >
>
http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Mac...
> > > >>>
> > > >>> Btw, I could not find any source other than
this.
> > > >>>
> > > >>> Thanks,
> > > >>> --
> > > >>> Danishka Navin
> > > >>> http://danishkanavin.blogspot.com
> > > >>> http://twitter.com/danishkanavin
> > > >>> http://www.flickr.com/photos/danishkanavin/
> > > >>>
> > > >>>
> > > >>>
> > >
> > >
> > > --
> > >
> > > -Jon
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>>
> > >
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>>
> > >
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > These issues are now fixed. packages have just been pushed
out, so
> > please can be now close this thread. It is not in the right
place
> > any way.
> >
> > Thank you.
> >
> > Regards,
> > Tristan
> >
> > --
> > Tristan Santore BSc MBCS
> > TS4523-RIPE
> > Network and Infrastructure Operations
> > InterNexusConnect
> > Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> <tel:%2B44-78-55069812>
> > Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
> > <mailto:Tristan.Santore@internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>>
> >
> > Former Thawte Notary
> > (Please note: Thawte has closed its WoT programme down,
> > and I am therefore no longer able to accredit trust)
> >
> > For Fedora related issues, please email me at:
> > TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> <mailto:TSantore@fedoraproject.org <mailto:
TSantore(a)fedoraproject.org>>
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > <mailto:ambassadors@lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> This does not really belong on the ambassadors list! The only reason
why
> I even responded to any of this in the beginning, was to stop any
kind
> of disinformation about Fedora being insecure, from spreading out.
>
> People tend to believe any kind of little snippet of disinformation.
>
> Regards,
>
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore(a)internexusconnect.net
> <mailto:Tristan.Santore@internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore(a)fedoraproject.org <mailto:TSantore@fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> <mailto:ambassadors@lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
Irrelevant. Not what I ever suggested any way. But this is still the
ambassadors list, not the security list. And even on the security list,
this was a known issue for a week. So, even then it would have been
irrelevant by then.
So, maybe we can let this list come back to on topic posts now.
Thank you.
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore(a)internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore(a)fedoraproject.org
--
ambassadors mailing list
ambassadors(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/ambassadors
9:51 a.m.
On Mon, Sep 3, 2012 at 8:56 AM, Tristan Santore
<tristan.santore(a)internexusconnect.net> wrote:
So, maybe we can let this list come back to on topic posts now.
While we are making suggestions how about we trim the quoted text in
our replies so they don't include 5 miles of irrelevant garbage too?
John
4288
days inactive
4289
days old
ambassadors@lists.fedoraproject.org
18 comments
6 participants
participants (6)
-
Dan Mashal -
Danishka Navin -
inode0 -
Jon -
Tristan Santore -
Álvaro Castillo