Serious security risks found in Linux package managers - Linux

This is a discussion on Serious security risks found in Linux package managers - Linux ; the wharf rat wrote: > Moshe Goldfarb. wrote: > >> In essence it is also like a car with no stereo or even tires >> so even if it could be hacked it would be pointless to do so. >> ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 31 of 31

Thread: Serious security risks found in Linux package managers

  1. Re: Serious security risks found in Linux package managers

    the wharf rat wrote:
    > Moshe Goldfarb. wrote:
    >
    >> In essence it is also like a car with no stereo or even tires
    >> so even if it could be hacked it would be pointless to do so.
    >> As such, it is entirely useless. "

    >
    > There's something terribly ironic about a Google user ranting
    > about how utterly useless Linux is. Talk about byting the hand
    > that feeds you...


    Bear in mind that Goldfarb is a known troll.

    --
    [mail]: Chuck F (cbfalconer at maineline dot net)
    [page]:
    Try the download section.


  2. Re: Serious security risks found in Linux package managers

    On Tue, 15 Jul 2008 16:44:17 -0700 (PDT), Mark S Bilk wrote:

    > On Jul 15, 6:52 am, "Moshe Goldfarb." wrote:
    >> On Mon, 14 Jul 2008 16:22:37 -0700 (PDT), Mark S Bilk wrote:
    >>> On Jul 14, 10:18 am, "Ezekiel" wrote:
    >>>>http://news.zdnet.co.uk/security/0,1...9446765,00.htm

    >>
    >>> Despite the usual FUD from Microsoft propaganda agents
    >>> ("Moshe Goldfarb" and "Clogwog" in this case) one is safe
    >>> from these vulnerabilities if using the distro company's
    >>> own update repository. And some fix for the problem will
    >>> be implemented soon in any case.

    >>
    >> Let's see:
    >>
    >> 1. You call it FUD.
    >> 2. You say it will be fixed soon....
    >>
    >> Try again, Bilk....

    >
    > 1. There is an immediate solution, which is to use only the
    > distro company's own update website. 2. The vulnerability
    > for other websites will soon be fixed.


    But......you called it FUD......
    So if it is a real problem, why do you call it FUD, Mark S. Bilk?



    >>> At least Linux users do get prompt security updates,
    >>> unlike MS-Windows victims.

    >>
    >> Huh?
    >> Ever hear of Windows Update?
    >> Fixes are released all the time, too much in fact IMHO.

    >
    > But this is only for MS-Windows itself, or maybe Windows and
    > Microsoft applications, right? Not for all the application
    > software that comes with the distribution, because Microsoft
    > doesn't distribute other applications. Linux distribution
    > administrators track updates for the thousands of other
    > programs that they distribute, and send those updates on
    > to the users via the same update system.


    Sure, and when a repository is a trojan trap you have the problem we are
    discussing here.

    >>> I had a cable-TV service guy
    >>> in here the other day -- technically knowledgeable --
    >>> who looked at my Linux system --

    >>
    >> So did you get "serviced" Mark S. Bilk?

    >
    > Gary Stewart, here using the anonymous ID "Moshe Goldfarb",
    > has been accusing me of being homosexual for the ten years
    > that he's been lying about Linux on behalf of Microsoft.


    Hahahahha!

    1. Prove I am Gary Stewert.
    2. Prove I work for Microsoft.

    That should keep you busy for a while Mark S. Bilk...


    > This because I've written that homosexual people should
    > have the same rights as everyone else. He has forged Usenet
    > posts in my name describing and soliciting unhygienic
    > oral-anal sex acts. He is a fundamentalist so-called
    > "Christian".


    Huh?????

    For the record, homosexuality sickens me, however I do believe you freaks
    should have equal rights, except for legal marriage and insurance (because
    cohabiting heterosexuals do not have insurance rights).

    One listen to you on Pacifica is more than enough to make a judgment call,
    Mark S. Bilk...


    >>> He's going to switch to Linux, and all the great free
    >>> software that comes with it. The software of the
    >>> world community!

    >>
    >> Sure, and the two of you are going live happily ever after,
    >> pro-create a family and die of old age...
    >> Well, two out of three anyway.
    >> One of the above is impossible.
    >> What a loon....

    >
    > Gary Stewart is a liar, forger, and sociopath, whose goal is
    > to sabotage open-source world community software, and
    > have it replaced by proprietary software that's controlled
    > by ultra-wealthy businessmen.


    Huh?

    I like free just as much as you do Bilk...
    The problem is free, as in Linux, sucks...
    Fix it and you will have a friend for life...


    > Vista is the latest Microsoft
    > effort in what Richard Stallman properly calls Treacherous
    > Computing, which gives corporations and the government
    > complete control over what information we can access and
    > exchange with our computers. This effort began with
    > Microsoft's "Palladium" system which would require permission
    > from a government DRM server before accessing any website.


    It's known as protecting people's hard work....
    Do I like *all* aspects of DRM?
    No, I don't...
    My *personal* opinion is if you buy it, legally, you should be able to do
    anything with it you want short of selling it to people or massively
    offering it up for free, say on a P2P network.

    > Thus, for example, the rapidly spreading information that
    > the World Trade Center towers were blown up by the
    > U.S. government on 9/11/2001 (and that false-flag attack
    > was then used as the pretext for destroying the U.S.
    > Constitution and murdering 2,000,000 people) would be made
    > inaccessible to the public by that same government.
    > See http://cosmicpenguin.com


    Yawnnnn...
    You are a nut Bilk...
    Your claims are ludicrous and have been dissected over and over again 100
    times.


    > At this point in time, free software and an unrestricted
    > Internet are vital for the survival of the human species,
    > since (among many other reasons) the next attack by the U.S.
    > government -- against Iran -- could easily lead to a nuclear
    > war.


    And what if they attack us first?
    Free software has ZERO to do with this....

    > Microsoft, with its huge propaganda campaign against
    > free software, is thus endangering the survival of mankind.


    Get a new tinfoil hat Bilk because your current model has a few short
    circuits in it...


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  3. Re: Serious security risks found in Linux package managers

    In comp.os.linux.advocacy, Moshe Goldfarb.

    wrote
    on Tue, 15 Jul 2008 20:50:31 -0400
    <1qfm9ncdwj1du.lqyrmb71g4t7.dlg@40tude.net>:
    > On Tue, 15 Jul 2008 16:44:17 -0700 (PDT), Mark S Bilk wrote:
    >
    >> On Jul 15, 6:52 am, "Moshe Goldfarb." wrote:
    >>> On Mon, 14 Jul 2008 16:22:37 -0700 (PDT), Mark S Bilk wrote:
    >>>> On Jul 14, 10:18 am, "Ezekiel" wrote:
    >>>>>http://news.zdnet.co.uk/security/0,1...9446765,00.htm
    >>>
    >>>> Despite the usual FUD from Microsoft propaganda agents
    >>>> ("Moshe Goldfarb" and "Clogwog" in this case) one is safe
    >>>> from these vulnerabilities if using the distro company's
    >>>> own update repository. And some fix for the problem will
    >>>> be implemented soon in any case.
    >>>
    >>> Let's see:
    >>>
    >>> 1. You call it FUD.
    >>> 2. You say it will be fixed soon....
    >>>
    >>> Try again, Bilk....

    >>
    >> 1. There is an immediate solution, which is to use only the
    >> distro company's own update website. 2. The vulnerability
    >> for other websites will soon be fixed.

    >
    > But......you called it FUD......
    > So if it is a real problem, why do you call it FUD, Mark S. Bilk?
    >


    The distro company's own update website could be hacked,
    or the user's ISP hacked to generate spurious name-to-IP
    mappings as well, or the user's computer (/etc/hosts in
    the case of Linux) might be hacked, to point the user to
    a completely different (and presumably evil) server.

    Linux makes it harder but certainly not impossible.

    >
    >
    >>>> At least Linux users do get prompt security updates,
    >>>> unlike MS-Windows victims.
    >>>
    >>> Huh?
    >>> Ever hear of Windows Update?
    >>> Fixes are released all the time, too much in fact IMHO.

    >>
    >> But this is only for MS-Windows itself, or maybe Windows and
    >> Microsoft applications, right? Not for all the application
    >> software that comes with the distribution, because Microsoft
    >> doesn't distribute other applications. Linux distribution
    >> administrators track updates for the thousands of other
    >> programs that they distribute, and send those updates on
    >> to the users via the same update system.

    >
    > Sure, and when a repository is a trojan trap you have the problem we are
    > discussing here.


    That includes the distro's main tree -- if that's indeed
    what one is pointing at, which is not a given if the
    DNS or /etc/hosts is hacked.

    (There are suggestions on how to implement a more secure
    DNS system, but there's a fair number of issues here.)

    [rest snipped]

    --
    #191, ewill3@earthlink.net
    Windows. Because it's not a question of if.
    It's a question of when.
    ** Posted from http://www.teranews.com **

  4. Re: Serious security risks found in Linux package managers

    Mark S Bilk wrote:


    > Microsoft, with its huge propaganda campaign against
    > free software, is thus endangering the survival of mankind.


    ha!!!

    Linux does draw in the crackpots...




  5. Re: Serious security risks found in Linux package managers

    On Wed, 16 Jul 2008 01:06:14 -0400, DFS wrote:

    > Mark S Bilk wrote:
    >
    >
    >> Microsoft, with its huge propaganda campaign against
    >> free software, is thus endangering the survival of mankind.

    >
    > ha!!!
    >
    > Linux does draw in the crackpots...


    Notice how none of the Linux loons in this group ever correct insane
    statements like those made by Mark S. Bilk and Rex Ballard?

    They need every warm body they can find.

    That's the only reason they put up with the total ineptness of Rick and HPT
    along with his boyfriend Martii.

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  6. Re: Serious security risks found in Linux package managers

    On Wed, 16 Jul 2008 10:20:52 -0400, Moshe Goldfarb. wrote:

    > On Wed, 16 Jul 2008 01:06:14 -0400, DFS wrote:
    >
    >> Mark S Bilk wrote:
    >>
    >>
    >>> Microsoft, with its huge propaganda campaign against free software, is
    >>> thus endangering the survival of mankind.

    >>
    >> ha!!!
    >>
    >> Linux does draw in the crackpots...

    >
    > Notice how none of the Linux loons (snip)


    Notice how you are a bitchey bigot?

    --
    Rick

  7. Re: Serious security risks found in Linux package managers

    In article ,
    "Moshe Goldfarb." wrote:
    > >> Microsoft, with its huge propaganda campaign against
    > >> free software, is thus endangering the survival of mankind.

    > >
    > > ha!!!
    > >
    > > Linux does draw in the crackpots...

    >
    > Notice how none of the Linux loons in this group ever correct insane
    > statements like those made by Mark S. Bilk and Rex Ballard?
    >
    > They need every warm body they can find.


    Note that some Linux advocates who used to be here did correct them.
    Jesse F. Hughes, for example, did a pretty good job on Rex's claims that
    Microsoft hacked into Ken Starr's computer to steal the Monica Lewinski
    information, which they then turned into a scandal via MSNBC, in order
    to get the country focused on that to deflect attention from themselves.
    Jesse responded to a lot of Rex posts, pointing out the problems.

    Jim Richardson didn't actually correct any that I recall. He just said
    they were bull****, but entertaining, so he enjoyed them.

    Roy Culley called Rex an embarrassment and questioned his intelligence.

    Kier said that a majority of Rex's claims are not true, and pointed out
    that even after a claim is *proven* to be not true, Rex often continues
    making it.

    --
    --Tim Smith

  8. Re: Serious security risks found in Linux package managers

    On Wed, 16 Jul 2008 09:01:38 -0700, Tim Smith wrote:

    > In article ,
    > "Moshe Goldfarb." wrote:
    >>>> Microsoft, with its huge propaganda campaign against
    >>>> free software, is thus endangering the survival of mankind.
    >>>
    >>> ha!!!
    >>>
    >>> Linux does draw in the crackpots...

    >>
    >> Notice how none of the Linux loons in this group ever correct insane
    >> statements like those made by Mark S. Bilk and Rex Ballard?
    >>
    >> They need every warm body they can find.

    >
    > Note that some Linux advocates who used to be here did correct them.
    > Jesse F. Hughes, for example, did a pretty good job on Rex's claims that
    > Microsoft hacked into Ken Starr's computer to steal the Monica Lewinski
    > information, which they then turned into a scandal via MSNBC, in order
    > to get the country focused on that to deflect attention from themselves.
    > Jesse responded to a lot of Rex posts, pointing out the problems.


    Wasn't the Whitehouse a Mac shop when Clinton was president?
    I remember Jesse, he was a good Linux advocate.

    Rex is a few bricks shy of a full load.

    > Jim Richardson didn't actually correct any that I recall. He just said
    > they were bull****, but entertaining, so he enjoyed them.


    Jim is a decent advocate,
    Certainly better than the group we have here now.


    > Roy Culley called Rex an embarrassment and questioned his intelligence.


    He also said the script [Homer] uses to do stats is a joke or something
    like that.


    > Kier said that a majority of Rex's claims are not true, and pointed out
    > that even after a claim is *proven* to be not true, Rex often continues
    > making it.


    Kier is one of the better Linux advocates when he actually discusses
    topics.
    He seems to have imploded though.

    The Linux loons here don't like him because he is a more middle of the road
    advocate and you know that if you don't agree in total with the loons you
    are considered the enemy.

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  9. Re: Serious security risks found in Linux package managers

    * Tim Smith peremptorily fired off this memo:

    > In article ,
    > "Moshe Goldfarb." wrote:
    >>
    >> Notice how none of the Linux loons in this group ever correct insane
    >> statements like those made by Mark S. Bilk and Rex Ballard?


    Moshe is an idiot.

    > Note that some Linux advocates who used to be here did correct them.
    > Jesse F. Hughes, for example, did a pretty good job on Rex's claims that
    > Microsoft hacked into Ken Starr's computer to steal the Monica Lewinski
    > information, which they then turned into a scandal via MSNBC, in order
    > to get the country focused on that to deflect attention from themselves.
    > Jesse responded to a lot of Rex posts, pointing out the problems.
    >
    > Jim Richardson didn't actually correct any that I recall. He just said
    > they were bull****, but entertaining, so he enjoyed them.
    >
    > Roy Culley called Rex an embarrassment and questioned his intelligence.
    >
    > Kier said that a majority of Rex's claims are not true, and pointed out
    > that even after a claim is *proven* to be not true, Rex often continues
    > making it.


    For what it is worth, Rex's posts are way too long to answer. I think
    his posts have elements of truth, but much of it reads like
    confabulation.

    Nonetheless, I would be if you /could/ dig into his topics, you'd find
    some real surprises about the dickheads in the software industry.

    --
    The meek shall inherit the earth -- they are too weak to refuse.

  10. Re: Serious security risks found in Linux package managers

    On Wed, 16 Jul 2008 13:14:37 -0400, Linonut wrote:


    > Moshe is an idiot.


    No I'm not, but you certainly are Liarnut....


    > Note th> Nonetheless, I would be if you /could/ dig into his topics, you'd find
    > some real surprises about the dickheads in the software industry.


    There is no doubt in my mind that when it comes to dickheads, Rex Ballard
    is an expert............

    So for once you are correct, Liarnut...


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  11. Re: Serious security risks found in Linux package managers

    On Wed, 16 Jul 2008 13:14:37 -0400, Linonut wrote:

    > * Tim Smith peremptorily fired off this memo:
    >
    >> In article ,
    >> "Moshe Goldfarb." wrote:
    >>>
    >>> Notice how none of the Linux loons in this group ever correct insane
    >>> statements like those made by Mark S. Bilk and Rex Ballard?

    >
    > Moshe is an idiot.
    >
    >> Note that some Linux advocates who used to be here did correct them.
    >> Jesse F. Hughes, for example, did a pretty good job on Rex's claims that
    >> Microsoft hacked into Ken Starr's computer to steal the Monica Lewinski
    >> information, which they then turned into a scandal via MSNBC, in order
    >> to get the country focused on that to deflect attention from themselves.
    >> Jesse responded to a lot of Rex posts, pointing out the problems.
    >>
    >> Jim Richardson didn't actually correct any that I recall. He just said
    >> they were bull****, but entertaining, so he enjoyed them.
    >>
    >> Roy Culley called Rex an embarrassment and questioned his intelligence.
    >>
    >> Kier said that a majority of Rex's claims are not true, and pointed out
    >> that even after a claim is *proven* to be not true, Rex often continues
    >> making it.

    >
    > For what it is worth, Rex's posts are way too long to answer. I think his
    > posts have elements of truth, but much of it reads like confabulation.
    >
    > Nonetheless, I would be if you /could/ dig into his topics, you'd find
    > some real surprises about the dickheads in the software industry.


    A lot are too long for me to bother. I have an automatic delete if the
    post is over a certain number of lines.

    --
    Is a M$ "Certificate of Authenticity"
    for Vista, a junk bond?

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2