Security, Linux and the Roving Bug - Security

This is a discussion on Security, Linux and the Roving Bug - Security ; Her advocates claim Linux is more secure than Windows and as proof they offer the list of viruses that target Windows. The rebuttal is typically that Window is an attractive target for virus writers due to its ubiquity. The Linux ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 28

Thread: Security, Linux and the Roving Bug

  1. Security, Linux and the Roving Bug

    Her advocates claim Linux is more secure than Windows and as proof they
    offer
    the list of viruses that target Windows. The rebuttal is typically that
    Window is an attractive target for virus writers due to its ubiquity. The
    Linux advocate's reply is that, Linux's architecture makes it impossible to
    hack. I think we've all seen this exchange. Whether Linux is immune from
    hacking is an open question. What if Linux were ubiquitous? Would hackers
    try to break in? Could hackers succeed? The answer to these questions is
    yes.

    Motorola has embraced Linux as the OS to run on its line of cell phones
    (http://news.com.com/2100-1001-984424.html). The following link includes
    over a dozen cell phone offering, including the Razr, which feature Linux:
    http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a leading
    cell phone company. Motorola's market share has reached the critical mass
    required to make the devices attractive to the l33t haxtorz.

    Cell phones are venerable to a security threat called 'The Roving Bug'. The
    bug allows people to listen in on you conversations even when the cell phone
    is off. People can remotely turn on your cell phone, listen in on your
    conversations, upload and download data, and take photos without you knowing
    it. The only way to secure your cell phone and your privacy is to remove
    the
    battery.

    Here's what one site has to say:


    Nextel and Samsung handsets and the Motorola Razr are especially vulnerable
    to software downloads that activate their microphones, said James Atkinson,
    a
    counter-surveillance consultant who has worked closely with government
    agencies. "They can be remotely accessed and made to transmit room audio all
    the time," he said. "You can do that without having physical access to the
    phone."

    Because modern handsets are miniature computers, downloaded software could
    modify the usual interface that always displays when a call is in progress.
    The spyware could then place a call to the FBI and activate the microphone--
    all without the owner knowing it happened
    http://hootsbuddy.blogspot.com/2006/...oving-bug.html

    The article says, ". the Motorola Razr [running Linux] are especially
    venerable ."

    It turns out that Linux's security model is porous as a sieve. Devices
    running Linux are being hacked and taken over by remote hackers. The
    security hole persists even when the device is turned off. But is it some
    secret 'back door' that only the government knows how to access? Nope, the
    world knows how to by pass and exploit Linux's so-called security. Here's a
    horror story describing the hell created because of Linux's weak security:
    http://www.thenewstribune.com/news/c...ory/91460.html.

    I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
    reply, "Irrelevant!"

    This issue is about a bug in Linux. This is about a known bug in Linux
    that's been hanging around for months. It is a bug a known bug in Linux
    that's been hanging around for months that has not been fixed. This is
    about
    a security hole in Linux. Windows is not the issue here. This is a Linux
    problem and not a Windows problem.



  2. Re: Security, Linux and the Roving Bug

    Cassandra wrote:

    >
    > This issue is about a bug in Linux. This is about a known bug in Linux
    > that's been hanging around for months. It is a bug a known bug in Linux
    > that's been hanging around for months that has not been fixed. This is
    > about a security hole in Linux. Windows is not the issue here. This is a Linux
    > problem and not a Windows problem.
    >
    >


    Huh?

    It seems to be more a bug in the cell-phone protocol/hardware. Or
    possibly a hardware mod to the cell phones. I can well imagine the cell
    phone companies would have a way to update the firmware in your phone
    remotely.

    Nothing to say that it's due to linux being on the phone.

    The only reason it's not *also* a windows problem is that windows can't
    possibly run on a cellphone....

    As to the "horror story" - why don't they get a prepaid phone? Or do
    away with cell phones altogether? Or stuff the damn things into a sock
    while they're not using them? Christ, people used to live their whole
    lives without cell phones.

  3. Re: Security, Linux and the Roving Bug

    "Cassandra" wrote in message
    news:bJCdnZBigMvgjRnbnZ2dnUVZ_veinZ2d@comcast.com. ..
    : Her advocates claim Linux is more secure than Windows and as proof they
    : offer
    : the list of viruses that target Windows. The rebuttal is typically that
    : Window is an attractive target for virus writers due to its ubiquity. The
    : Linux advocate's reply is that, Linux's architecture makes it impossible
    to
    : hack. I think we've all seen this exchange. Whether Linux is immune from
    : hacking is an open question. What if Linux were ubiquitous? Would
    hackers
    : try to break in? Could hackers succeed? The answer to these questions is
    : yes.
    :
    : Motorola has embraced Linux as the OS to run on its line of cell phones
    : (http://news.com.com/2100-1001-984424.html). The following link includes
    : over a dozen cell phone offering, including the Razr, which feature Linux:
    : http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a
    leading
    : cell phone company. Motorola's market share has reached the critical mass
    : required to make the devices attractive to the l33t haxtorz.
    :
    : Cell phones are venerable to a security threat called 'The Roving Bug'.
    The
    : bug allows people to listen in on you conversations even when the cell
    phone
    : is off. People can remotely turn on your cell phone, listen in on your
    : conversations, upload and download data, and take photos without you
    knowing
    : it. The only way to secure your cell phone and your privacy is to remove
    : the
    : battery.
    :
    : Here's what one site has to say:
    :
    :
    : Nextel and Samsung handsets and the Motorola Razr are especially
    vulnerable
    : to software downloads that activate their microphones, said James
    Atkinson,
    : a
    : counter-surveillance consultant who has worked closely with government
    : agencies. "They can be remotely accessed and made to transmit room audio
    all
    : the time," he said. "You can do that without having physical access to the
    : phone."
    :
    : Because modern handsets are miniature computers, downloaded software could
    : modify the usual interface that always displays when a call is in
    progress.
    : The spyware could then place a call to the FBI and activate the
    microphone--
    : all without the owner knowing it happened
    :
    http://hootsbuddy.blogspot.com/2006/...oving-bug.html
    :
    : The article says, ". the Motorola Razr [running Linux] are especially
    : venerable ."
    :
    : It turns out that Linux's security model is porous as a sieve. Devices
    : running Linux are being hacked and taken over by remote hackers. The
    : security hole persists even when the device is turned off. But is it some
    : secret 'back door' that only the government knows how to access? Nope,
    the
    : world knows how to by pass and exploit Linux's so-called security. Here's
    a
    : horror story describing the hell created because of Linux's weak security:
    : http://www.thenewstribune.com/news/c...ory/91460.html.
    :
    : I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
    : reply, "Irrelevant!"
    :
    : This issue is about a bug in Linux. This is about a known bug in Linux
    : that's been hanging around for months. It is a bug a known bug in Linux
    : that's been hanging around for months that has not been fixed. This is
    : about
    : a security hole in Linux. Windows is not the issue here. This is a Linux
    : problem and not a Windows problem.

    One thing I've learned after 20 years in the computer industry is that a
    system's biggest security risk is complacency. Security isn't binary as
    some Linux Loonies proclaim. Security is uniary and it is set to 'off'. If
    you're the type who prefers a mathematic theory to support a concept then I
    direct you to Gödel's Incompleteness Theory. Gödel theory is based on the
    fact that all systems are inherently finite and therefore have external
    forces acting upon them. The external forces, being outside the system, can
    act in ways not predicted by the system. The system is vulnerable to forces
    the system was not designed to handle. Security is a system and its role is
    to defend against external forces. The system of security will always have
    vulnerabilities since a finite system can not predict and account for an
    infinite number of external forces.

    Linux should be able to defend against security threats pretty well. You
    need two tools to accommodate the inherent incompleteness of security
    systems: vigilance and flexibility. Vigilance is used to identity
    vulnerabilities early in its life-cycle and flexibility is used to defend
    against it.

    Linux's source code is open so the code is open to the scrutiny of millions
    of eyes. Vigilance against security threats are not dependant on any one
    person or group. There are millions of people watching out for security
    holes in Linux. In theory at least, the Linux community is vigilant against
    security threats.

    Linux covers the requirement of flexibility very well too. Linux's code is
    available to all to modify, compile and use. Anyone can fix vulnerability
    once it is identified. There are probably 10's of thousands of people with
    the knowledge, skill set and resources to fix security holes in Linux.
    There is an added incentive to fixing security bugs in Linux. The Open
    Source Community has a Cult of Personality* culture. The person who fixes
    and implements major fixes to Linux would receive Rock Star status in the
    Linux world. Someone who fixes a security hole the size of the 'Roving Bug'
    might even get to sign (and touch) the boobies of all the girls who frequent
    C.O.L.A. He may even get to have sex with a real girl if his mom would let
    her into the basement. There are some huge incentives in the open source
    community to fix security vulnerabilities like the Roving Bug.

    Linux community contains enough 'eyes' to call it a vigilant environment.
    Linux provides enough information and resources to call it a flexible
    environment. Vigilance and flexibility are required for a secure
    environment and Linux has both these. The Roving Bug persists in Linux.

    On November 27, 2006 the U.S. District Court described the 'Roving Bug'
    (http://www.politechbot.com/docs/fbi....ion.120106.txt).
    Information on the 'Roving Bug' has been available to the public for about
    six months. The Open Source Community has known about Linux's security
    weakness for months. Hundreds of new and updated Linux distributions have
    been announced on Linux's Distribution Watch since the 'Roving Bug' became
    public. If the Open Source Community had the time and resources to create
    hundreds of new distributions then the community had to time to fix the
    Roving Bug. The bug persists and the Government is still exploiting a hole
    in Linux to spy on innocent people. It is clear the Open Source Community
    is not as responsive to bug fixes as the Linux Advocates claim.

    To summarize the points:
    Cell phones are vulnerable to hackers via the 'Roving Bug'.
    Hackers include the government but also juvenile "l33t haxor" brats.
    The cell phones that are vulnerable include the Razr which runs Linux.
    Linux has a huge security vulnerability.
    The open source community has known about the vulnerability.
    The open source community has done nothing to fix the vulnerability.
    Linux's security vulnerabilities persist.

    The above is a list of documented facts. The facts illustrate a weakness in
    Linux. No one will come forward and point me to a link where a fix to the
    Roving Bug is available for download. Like Cassandra, I'll be ridiculed for
    publicizing the truth about weaknesses in Linux and the Open Source
    Development Model. The response will consist of name calling and unfounded
    accusations. I'll be accused of being on Microsoft's payroll, my choice of
    News Reader will come into question and I'll be called a nym-shifting racist
    homophobe yet no one will address the issue; no one will fix Linux. The
    security hole will continue and hackers will continue to exploit Linux
    unbeknownst to the users.

    The security holes in Linux will persist and Linux Loonies will pat
    themselves on the back for 10 new Linux distributions and Roy S. will spam
    C.O.L.A with 100 new posts announcing the new, redundant Linux distributions
    and Mark Kent will laude his OCD as a benefit to the Linux cause. The
    community focuses on destroying Microsoft and deludes themselves into
    thinking GPL 3 will do it. I expect ridicule from the Linux Advocates for
    sharing my wisdom. The ridicule only affirms the accuracy of my statements.

    Shakespeare observed in King Lear, "Wisdom and goodness to the vile seem
    vile: Filths savor but themselves" (Act IV, Scene II). Such is the sad
    state of the Linux community.



    * The three data points used to support the 'Cult of Personality culture'
    observation would include Linus, Stallman and Larry Wall.



  4. Re: Security, Linux and the Roving Bug


    "CptDondo" wrote in message
    news:13885j98uu1do0b@corp.supernews.com...
    : Cassandra wrote:
    :
    : >
    : > This issue is about a bug in Linux. This is about a known bug in Linux
    : > that's been hanging around for months. It is a bug a known bug in Linux
    : > that's been hanging around for months that has not been fixed. This is
    : > about a security hole in Linux. Windows is not the issue here. This is
    a Linux
    : > problem and not a Windows problem.
    : >
    : >
    :
    : Huh?
    :
    : It seems to be more a bug in the cell-phone protocol/hardware. Or
    : possibly a hardware mod to the cell phones. I can well imagine the cell
    : phone companies would have a way to update the firmware in your phone
    : remotely.
    :
    : Nothing to say that it's due to linux being on the phone.

    The features of the phone such are the way the firmware is updated are
    executed by Linux.
    The vulnerability on these phones is a result of Linux.
    The Roving Bug is a huge security hole in these phones.
    Its presents and exploitation is facilitated by Linux.



  5. Re: Security, Linux and the Roving Bug

    Nedd Ludd wrote:
    >
    > The features of the phone such are the way the firmware is updated are
    > executed by Linux.


    Please document this. Non-linux phones cannot be updated?

    > The vulnerability on these phones is a result of Linux.


    Please document this. Non-linux-based phones don't have this vulnerability?

    > The Roving Bug is a huge security hole in these phones.


    Yes.

    > Its presents and exploitation is facilitated by Linux.


    Please document this. Non-linux phones don't have this vulnerability?

  6. Re: Security, Linux and the Roving Bug

    On Thu, 28 Jun 2007 16:10:00 -0400, Nedd Ludd wrote:

    > "Cassandra" wrote in message
    > news:bJCdnZBigMvgjRnbnZ2dnUVZ_veinZ2d@comcast.com. ..
    > : Her advocates claim Linux is more secure than Windows and as proof they
    > : offer
    > : the list of viruses that target Windows. The rebuttal is typically that
    > : Window is an attractive target for virus writers due to its ubiquity. The
    > : Linux advocate's reply is that, Linux's architecture makes it impossible
    > to
    > : hack. I think we've all seen this exchange. Whether Linux is immune from
    > : hacking is an open question. What if Linux were ubiquitous? Would
    > hackers
    > : try to break in? Could hackers succeed? The answer to these questions is
    > : yes.
    > :
    > : Motorola has embraced Linux as the OS to run on its line of cell phones
    > : (http://news.com.com/2100-1001-984424.html). The following link includes
    > : over a dozen cell phone offering, including the Razr, which feature Linux:
    > : http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a
    > leading
    > : cell phone company. Motorola's market share has reached the critical mass
    > : required to make the devices attractive to the l33t haxtorz.
    > :
    > : Cell phones are venerable to a security threat called 'The Roving Bug'.
    > The
    > : bug allows people to listen in on you conversations even when the cell
    > phone
    > : is off. People can remotely turn on your cell phone, listen in on your
    > : conversations, upload and download data, and take photos without you
    > knowing
    > : it. The only way to secure your cell phone and your privacy is to remove
    > : the
    > : battery.
    > :
    > : Here's what one site has to say:
    > :
    > :
    > : Nextel and Samsung handsets and the Motorola Razr are especially
    > vulnerable
    > : to software downloads that activate their microphones, said James
    > Atkinson,
    > : a
    > : counter-surveillance consultant who has worked closely with government
    > : agencies. "They can be remotely accessed and made to transmit room audio
    > all
    > : the time," he said. "You can do that without having physical access to the
    > : phone."
    > :
    > : Because modern handsets are miniature computers, downloaded software could
    > : modify the usual interface that always displays when a call is in
    > progress.
    > : The spyware could then place a call to the FBI and activate the
    > microphone--
    > : all without the owner knowing it happened
    > :
    http://hootsbuddy.blogspot.com/2006/...oving-bug.html
    > :
    > : The article says, ". the Motorola Razr [running Linux] are especially
    > : venerable ."
    > :
    > : It turns out that Linux's security model is porous as a sieve. Devices
    > : running Linux are being hacked and taken over by remote hackers. The
    > : security hole persists even when the device is turned off. But is it some
    > : secret 'back door' that only the government knows how to access? Nope,
    > the
    > : world knows how to by pass and exploit Linux's so-called security. Here's
    > a
    > : horror story describing the hell created because of Linux's weak security:
    > : http://www.thenewstribune.com/news/c...ory/91460.html.
    > :
    > : I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
    > : reply, "Irrelevant!"
    > :
    > : This issue is about a bug in Linux. This is about a known bug in Linux
    > : that's been hanging around for months. It is a bug a known bug in Linux
    > : that's been hanging around for months that has not been fixed. This is
    > : about
    > : a security hole in Linux. Windows is not the issue here. This is a Linux
    > : problem and not a Windows problem.
    >
    > One thing I've learned after 20 years in the computer industry is that a
    > system's biggest security risk is complacency. Security isn't binary as
    > some Linux Loonies proclaim. Security is uniary and it is set to 'off'. If
    > you're the type who prefers a mathematic theory to support a concept then I
    > direct you to Gödel's Incompleteness Theory. Gödel theory is based on the
    > fact that all systems are inherently finite and therefore have external
    > forces acting upon them. The external forces, being outside the system, can
    > act in ways not predicted by the system. The system is vulnerable to forces
    > the system was not designed to handle. Security is a system and its role is
    > to defend against external forces. The system of security will always have
    > vulnerabilities since a finite system can not predict and account for an
    > infinite number of external forces.


    The incompleteness theorm has nothing to do with finiteness at all. It
    merely says that there are statements which are not mathematcially
    provable to be either true or false - i.e. mathematical theory is
    'incomplete'.

    >
    > Linux should be able to defend against security threats pretty well. You
    > need two tools to accommodate the inherent incompleteness of security
    > systems: vigilance and flexibility. Vigilance is used to identity
    > vulnerabilities early in its life-cycle and flexibility is used to defend
    > against it.
    >
    > Linux's source code is open so the code is open to the scrutiny of millions
    > of eyes. Vigilance against security threats are not dependant on any one
    > person or group. There are millions of people watching out for security
    > holes in Linux. In theory at least, the Linux community is vigilant against
    > security threats.
    >
    > Linux covers the requirement of flexibility very well too. Linux's code is
    > available to all to modify, compile and use. Anyone can fix vulnerability
    > once it is identified. There are probably 10's of thousands of people with
    > the knowledge, skill set and resources to fix security holes in Linux.
    > There is an added incentive to fixing security bugs in Linux. The Open
    > Source Community has a Cult of Personality* culture. The person who fixes
    > and implements major fixes to Linux would receive Rock Star status in the
    > Linux world. Someone who fixes a security hole the size of the 'Roving Bug'
    > might even get to sign (and touch) the boobies of all the girls who frequent
    > C.O.L.A. He may even get to have sex with a real girl if his mom would let
    > her into the basement. There are some huge incentives in the open source
    > community to fix security vulnerabilities like the Roving Bug.
    >
    > Linux community contains enough 'eyes' to call it a vigilant environment.
    > Linux provides enough information and resources to call it a flexible
    > environment. Vigilance and flexibility are required for a secure
    > environment and Linux has both these. The Roving Bug persists in Linux.
    >
    > On November 27, 2006 the U.S. District Court described the 'Roving Bug'
    > (http://www.politechbot.com/docs/fbi....ion.120106.txt).
    > Information on the 'Roving Bug' has been available to the public for about
    > six months. The Open Source Community has known about Linux's security
    > weakness for months. Hundreds of new and updated Linux distributions have
    > been announced on Linux's Distribution Watch since the 'Roving Bug' became
    > public. If the Open Source Community had the time and resources to create
    > hundreds of new distributions then the community had to time to fix the
    > Roving Bug. The bug persists and the Government is still exploiting a hole
    > in Linux to spy on innocent people. It is clear the Open Source Community
    > is not as responsive to bug fixes as the Linux Advocates claim.
    >
    > To summarize the points:
    > Cell phones are vulnerable to hackers via the 'Roving Bug'.
    > Hackers include the government but also juvenile "l33t haxor" brats.
    > The cell phones that are vulnerable include the Razr which runs Linux.
    > Linux has a huge security vulnerability.
    > The open source community has known about the vulnerability.
    > The open source community has done nothing to fix the vulnerability.
    > Linux's security vulnerabilities persist.
    >
    > The above is a list of documented facts. The facts illustrate a weakness in
    > Linux. No one will come forward and point me to a link where a fix to the
    > Roving Bug is available for download. Like Cassandra, I'll be ridiculed for
    > publicizing the truth about weaknesses in Linux and the Open Source
    > Development Model. The response will consist of name calling and unfounded
    > accusations. I'll be accused of being on Microsoft's payroll, my choice of
    > News Reader will come into question and I'll be called a nym-shifting racist
    > homophobe yet no one will address the issue; no one will fix Linux. The
    > security hole will continue and hackers will continue to exploit Linux
    > unbeknownst to the users.
    >
    > The security holes in Linux will persist and Linux Loonies will pat
    > themselves on the back for 10 new Linux distributions and Roy S. will spam
    > C.O.L.A with 100 new posts announcing the new, redundant Linux distributions
    > and Mark Kent will laude his OCD as a benefit to the Linux cause. The
    > community focuses on destroying Microsoft and deludes themselves into
    > thinking GPL 3 will do it. I expect ridicule from the Linux Advocates for
    > sharing my wisdom. The ridicule only affirms the accuracy of my statements.
    >
    > Shakespeare observed in King Lear, "Wisdom and goodness to the vile seem
    > vile: Filths savor but themselves" (Act IV, Scene II). Such is the sad
    > state of the Linux community.
    >
    >
    >
    > * The three data points used to support the 'Cult of Personality culture'
    > observation would include Linus, Stallman and Larry Wall.


    The fact remains that I have been running three or more computers on a
    home network accessible to the internet via a broadbanc connection for
    over five years - online 24/7/365 - and have NEVER seen a malware
    infestation. Do I care why?


  7. Re: Security, Linux and the Roving Bug

    Cassandra wrote:

    >Her


    Stupid fscking cross-posting troll.

    *plonk*


  8. Re: Security, Linux and the Roving Bug

    CptDondo wrote:
    > Nedd Ludd wrote:
    >>
    >> The features of the phone such are the way the firmware is updated are
    >> executed by Linux.

    >
    > Please document this. Non-linux phones cannot be updated?
    >
    >> The vulnerability on these phones is a result of Linux.

    >
    > Please document this. Non-linux-based phones don't have this
    > vulnerability?
    >
    >> The Roving Bug is a huge security hole in these phones.

    >
    > Yes.
    >
    >> Its presents and exploitation is facilitated by Linux.

    >
    > Please document this. Non-linux phones don't have this vulnerability?

    Me thinks the lady doth protest too much, CptDondo.

    It sounds like the Microsoft patent hype. Lots of claims, but, no
    specifics are offered that we can verify.

    I am willing to bet my favorite ham in Mohamed's frig. that this is a
    plant by felon Microsoft trolls.

  9. Re: Security, Linux and the Roving Bug

    Oldtech wrote:
    > CptDondo wrote:
    >> Nedd Ludd wrote:
    >>> The features of the phone such are the way the firmware is updated are
    >>> executed by Linux.

    >> Please document this. Non-linux phones cannot be updated?
    >>
    >>> The vulnerability on these phones is a result of Linux.

    >> Please document this. Non-linux-based phones don't have this
    >> vulnerability?
    >>
    >>> The Roving Bug is a huge security hole in these phones.

    >> Yes.
    >>
    >>> Its presents and exploitation is facilitated by Linux.

    >> Please document this. Non-linux phones don't have this vulnerability?

    > Me thinks the lady doth protest too much, CptDondo.
    >
    > It sounds like the Microsoft patent hype. Lots of claims, but, no
    > specifics are offered that we can verify.
    >
    > I am willing to bet my favorite ham in Mohamed's frig. that this is a
    > plant by felon Microsoft trolls.


    Oh no doubt. It's just a slow day at work and the A/C doesn't work...

  10. Re: Security, Linux and the Roving Bug

    On Jun 28, 3:43 pm, "Cassandra" wrote:
    >
    > This issue is about a bug in Linux. This is about a known bug in Linux
    > that's been hanging around for months. It is a bug a known bug in Linux
    > that's been hanging around for months that has not been fixed. This is
    > about
    > a security hole in Linux. Windows is not the issue here. This is a Linux
    > problem and not a Windows problem.


    In typical troll fanshion, you miss the reality that non-Linux phones
    are also affected by this bug. It is an issue with the closed nature
    of the phone software add-ons, not with Linux. Indeed, the bug is
    prevaltent across many phone OS's, and seems to be a result of greedy
    corporate assholes requiring the ability to track, monitor, and
    control what they sell to their customers. In a way, this is exactly
    the kind of thing you expect from DRM and similar scheme, where the
    backdoors deliberately introduced by the seller becomes a huge
    security hole that gets exploited.

    This is really not surprising, and the Washington wiretap scandal
    revealed that many of the cell carriers were not only turning over
    more info than required by law, but often even more info than the
    government was actually asking for.

    If the phone software were completely open sourced, this would not be
    a problem. However, as far as I know, not a single phone manufacurer
    has released the source code for their phone software into the OSS
    world.

    In short, this has little or nothing to do with Linux, and everything
    to do with closed source software and proprietary bull****.

    If you would have done a bit of research first, you could have kept
    your mouth shut instead of yelling out to the world how much of a fool
    you are.

    Dean G.


  11. Re: Security, Linux and the Roving Bug

    On Jun 28, 5:05 pm, "Nedd Ludd" wrote:
    > "CptDondo" wrote in message
    >
    > news:13885j98uu1do0b@corp.supernews.com...: Cassandra wrote:
    >
    > :
    > : >
    > : > This issue is about a bug in Linux. This is about a known bug in Linux
    > : > that's been hanging around for months. It is a bug a known bug in Linux
    > : > that's been hanging around for months that has not been fixed. This is
    > : > about a security hole in Linux. Windows is not the issue here. This is
    > a Linux
    > : > problem and not a Windows problem.
    > : >
    > : >
    > :
    > : Huh?
    > :
    > : It seems to be more a bug in the cell-phone protocol/hardware. Or
    > : possibly a hardware mod to the cell phones. I can well imagine the cell
    > : phone companies would have a way to update the firmware in your phone
    > : remotely.
    > :
    > : Nothing to say that it's due to linux being on the phone.
    >
    > The features of the phone such are the way the firmware is updated are
    > executed by Linux.


    Not at all.

    > The vulnerability on these phones is a result of Linux.


    No, the vulnerability is the result of the phone manufacurers using
    known bad security practices. The updates are done automatically with
    root level access. This is similar to how Windows Update works when
    set to automatic, but not how Linux normally works. With Linux, the
    root user would have to log on to do this, and by default, remote root
    access is disabled.

    Sorry, Charlie, you are not only wrong, but it is obvious you don't
    really have a clue what you are pontificating so loudly about.

    Dean G.



  12. Re: Security, Linux and the Roving Bug

    On Jun 28, 4:10 pm, "Nedd Ludd" wrote:

    To summarize faulty logic:
    Cell phones are vulnerable to hackers via the 'Roving Bug'.

    This is true. Many phones suffer this problem, regardless of the OS
    they use

    Hackers include the government but also juvenile "l33t haxor"
    brats.

    Irrlelevant, but true.

    The cell phones that are vulnerable include the Razr which runs
    Linux.

    True, but only half the truth. Many phones, including non-Linux phones
    suffer from the same problem.

    Linux has a huge security vulnerability.

    You have completely failed to demonstrate such a claim. You offer no
    evidence, make no attempt to actually identify the cause, nor do you
    even consider the possibility that it is a hardware issue.

    The open source community has known about the vulnerability.

    There is no evidence that it is an open source issue. Indeed, since
    this affects non-Linux phones, it is more likely that it is not an OSS
    issue.

    The open source community has done nothing to fix the
    vulnerability.

    The OSS community has nothing to fix. There is a problem with the
    phones, and the manufacturers should address this issue. If they need
    help, they can release their source code under and OSS license and the
    OSS community would be glad to help. Until such a time, it is a closed
    source problem, and the blame properly rests on the people who chose
    to keep this a secret instead of being open about it.

    Linux's security vulnerabilities persist.

    Actually, there are likely still a few, but less and less all the
    time. Unfortunately for loud mouthed fools, the roaming bug is not one
    of them.

    Also, in the spirit of charity, I offer my assitance to the phone
    companies at reasonable market rates. If they need help administering
    their Linux set ups, I would be delighted to help. My first piece of
    advice is free : Remote root access is disabled by default for a very
    good reason.

    Dean G.



  13. Re: Security, Linux and the Roving Bug

    On Jun 28, 5:27 pm, ray wrote:

    > The incompleteness theorm has nothing to do with finiteness at all. It
    > merely says that there are statements which are not mathematcially
    > provable to be either true or false - i.e. mathematical theory is
    > 'incomplete'.


    Close, but it says just a bit more. It says this is true for all
    formal systems, not just mathematics.

    >
    > The fact remains that I have been running three or more computers on a
    > home network accessible to the internet via a broadbanc connection for
    > over five years - online 24/7/365 - and have NEVER seen a malware
    > infestation. Do I care why?


    Most people who have zombieware do not know it. There are several
    million Windows boxes that have been so compromised, and most of these
    users would undoubtedly rid themselves of the problem if they only
    knew about it.

    Indeed, in the spirit of Godel, logic, and mathematics, let's not
    fool ourselves : You cannot prove you do NOT have a malware issue.

    Dean G.



  14. Re: Security, Linux and the Roving Bug

    "Dean G." wrote:
    >

    .... snip ...
    >
    > Most people who have zombieware do not know it. There are several
    > million Windows boxes that have been so compromised, and most of
    > these users would undoubtedly rid themselves of the problem if
    > they only knew about it.


    They usually know about it. They don't know how to eliminate
    and/or avoid it in the first place.

    --



    cbfalconer at maineline dot net



    --
    Posted via a free Usenet account from http://www.teranews.com


  15. Re: Security, Linux and the Roving Bug

    CptDondo wrote:
    >

    .... snip ...
    >
    > As to the "horror story" - why don't they get a prepaid phone? Or
    > do away with cell phones altogether? Or stuff the damn things into
    > a sock while they're not using them? Christ, people used to live
    > their whole lives without cell phones.


    The ideal solution. :-) Also, much cheaper.

    --



    cbfalconer at maineline dot net


    --
    Posted via a free Usenet account from http://www.teranews.com


  16. Re: Security, Linux and the Roving Bug

    CptDondo wrote:

    > Oh no doubt. It's just a slow day at work and the A/C doesn't work...


    Windows-based controller?

    --

    David L. Johnson

    Arguing with an engineer is like mud wrestling with a pig...
    You soon find out the pig likes it!

  17. Re: Security, Linux and the Roving Bug


    "CptDondo" wrote in message
    news:13885j98uu1do0b@corp.supernews.com...
    > Cassandra wrote:
    >
    >>
    >> This issue is about a bug in Linux. This is about a known bug in Linux
    >> that's been hanging around for months. It is a bug a known bug in Linux
    >> that's been hanging around for months that has not been fixed. This is
    >> about a security hole in Linux. Windows is not the issue here. This is
    >> a Linux
    >> problem and not a Windows problem.
    >>
    >>

    >
    > Huh?


    Duh. Read it again Einstein.

    > It seems to be more a bug in the cell-phone protocol/hardware. Or possibly
    > a hardware mod to the cell phones. I can well imagine the cell phone
    > companies would have a way to update the firmware in your phone remotely.
    >
    > Nothing to say that it's due to linux being on the phone.


    Then read it again.


    > The only reason it's not *also* a windows problem is that windows can't
    > possibly run on a cellphone....


    http://www.windowsfordevices.com/art...468909181.html

    Do you have any other clueless comments you'd like to make Cpt Dungo?


    > As to the "horror story" - why don't they get a prepaid phone?

    Because prepaid phones suck.

    > Or do away with cell phones altogether?

    Sure. And let's do away with electricity too.


    > Or stuff the damn things into a sock while they're not using them?
    > Christ, people used to live their whole lives without cell phones.

    And people used to live their whole lives without air travel or cars. So
    let's all go back to riding donkeys and living in caves.





    --
    Posted via a free Usenet account from http://www.teranews.com


  18. Re: Security, Linux and the Roving Bug

    In article , Cassandra wrote:
    > Linux advocate's reply is that, Linux's architecture makes it impossible to
    > hack.


    Dead on arrival in the first paragraph. Nobody who actually knows anything
    about operating system architecture and/or security would make such a claim.

    The threats against Linux tend to be of a different nature than those
    against Windows. The latter tend to be aimed at end users due to Windows'
    architecture which requires most users to work full-time in an administrative
    account to make use of their systems. This combined with the active
    scripting that Microsoft is so fond of embedding in all types of content
    makes Windows a virus writer's dream environment in terms of attacking
    through end users. (Remember the first major wave of PC-based viruses?
    It was when Microsoft introduced the "auto-execute macro" in Word documents,
    initially with no way to disable them. This turned ordinary documents
    into potential vectors for infections.)

    In contrast, the threats against Linux (and other Unix-based systems)
    tend to be based on attacking public services. As you may recall, the
    first Internet worm in 1988 virtually shut down the entire Net by taking
    advantage of a bug in the finger daemon in Berkeley-derived variants of
    Unix. Unix-based utilities such as sendmail, bind, and others have a long
    history of security flaws. Anyone with any sense will tell you that if
    you hook up an old, unmaintained Linux system running public services to
    the Internet it will likely be hacked and rooted in short order. On the
    other hand, Windows-style attacks on end users are much less fruitful
    due to user accounts with limited privileges and a lower incidence of
    script-triggered automation features in end-user applications.

    --
    Roger Blake
    (Subtract 10s for email.)

  19. Re: Security, Linux and the Roving Bug

    "Cassandra" wrote in
    news:bJCdnZBigMvgjRnbnZ2dnUVZ_veinZ2d@comcast.com:

    > Her advocates claim Linux is more secure than Windows and as proof
    > they offer
    > the list of viruses that target Windows.


    And the lack of viruses that target Linux.

    > The rebuttal is typically that
    > Window is an attractive target for virus writers due to its ubiquity.


    Its ubiquity and its lack of security. It's the low hanging fruit of
    the software world.

    > The
    > Linux advocate's reply is that, Linux's architecture makes it
    > impossible to hack.


    No they don't. they say it is more difficult for a virus to prosper on
    a linux system.

    Linux can be hacked, indeed Linux has been hacked, though the damage
    that a hacker can do is limited in Linux compared to Windows.

    > I think we've all seen this exchange.


    I've certainly seen Trolls like you talk about this fictitious exchange,
    does that count?

    Snip the rest of the trolling attempt.

  20. Re: Security, Linux and the Roving Bug

    CBFalconer wrote:

    >"Dean G." wrote:
    >>

    >... snip ...
    >>
    >> Most people who have zombieware do not know it. There are several
    >> million Windows boxes that have been so compromised, and most of
    >> these users would undoubtedly rid themselves of the problem if
    >> they only knew about it.

    >
    >They usually know about it.


    Not in my experience. Not until things get REALLY bad.

    >They don't know how to eliminate


    That's for sure. Virus scanners? Worthless!

    >and/or avoid it in the first place.


    Blame M$ for encouraging (indeed, almost requiring) users to run as
    admin.


+ Reply to Thread
Page 1 of 2 1 2 LastLast