[Ambassadors] New Trojan Threatens Mac OS X, Linux Machines
Tristan Santore
tristan.santore at internexusconnect.net
Mon Sep 3 13:56:14 UTC 2012
On 03/09/12 14:52, Dan Mashal wrote:
> If you really think Fedora, or any other OS is bullet proof, you've got
> other issues.
>
> In fact in my original reply I said that this was a bunch of BS.
>
> Someone actually came in to #Fedora last night and mentioned the Java
> security flaw, which is an actual real flaw that is cross platform
> (Windows,OSX,Unix).
>
> Thanks,
> Dan
>
> On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore
> <tristan.santore at internexusconnect.net
> <mailto:tristan.santore at internexusconnect.net>> wrote:
>
> On 03/09/12 14:47, Dan Mashal wrote:
> > This is not a "bug" thread, it's a discussion thread.
> >
> > Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that
> > hole is closed.
> >
> > Thanks.
> >
> > Dan
> >
> > On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> > <tristan.santore at internexusconnect.net
> <mailto:tristan.santore at internexusconnect.net>
> > <mailto:tristan.santore at internexusconnect.net
> <mailto:tristan.santore at internexusconnect.net>>> wrote:
> >
> > On 03/09/12 11:39, Álvaro Castillo wrote:
> > > You see these is Java but free. On Java always exist bugs,
> exploits,
> > > trojans.... Difference Java Oracle between OpenJDK avoid one is
> > > privative and other is free. Is speed fixing issues.
> > >
> > > On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal at gmail.com
> <mailto:dan.mashal at gmail.com>
> > <mailto:dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>>
> > > <mailto:dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>
> <mailto:dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>>>> wrote:
> > >
> > > I think this is a bigger deal:
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=852051
> > >
> > > Dan
> > >
> > > On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard at gmail.com
> <mailto:jdisnard at gmail.com>
> > <mailto:jdisnard at gmail.com <mailto:jdisnard at gmail.com>>
> > > <mailto:jdisnard at gmail.com <mailto:jdisnard at gmail.com>
> <mailto:jdisnard at gmail.com <mailto:jdisnard at gmail.com>>>> wrote:
> > >
> > > I believe the OP was referring to this (?):
> > >
> > > http://www.f-secure.com/weblog/archives/00002400.html
> > >
> > > It's from July, but I keep seeing the same news
> appear on
> > > different sites.
> > > I do believe they are all referring to the above link.
> > > That is unless the kit has been taken, modified,
> adapted,
> > evolved,
> > > etc... into something new.
> > >
> > >
> > > Best regards,
> > > -Jon
> > >
> > >
> > >
> > >
> > > On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal
> > <dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>
> <mailto:dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>>
> > > <mailto:dan.mashal at gmail.com
> <mailto:dan.mashal at gmail.com>
> > <mailto:dan.mashal at gmail.com <mailto:dan.mashal at gmail.com>>>>
> wrote:
> > > > Really the only ways to get in are the following:
> > > >
> > > > 1) CVEs on the packages in the stable repo
> > > > 2) Vulnerabilities in software such as web browsers
> > > > 3) Sniffing unecnrypted data
> > > > 4) dictionary attacks
> > > > 5) network scanning/port vulnerabilities
> > > > 6) Pushing out fake updates with back doors.
> > > >
> > > > Again, that was the god old days.
> > > >
> > > > Dan
> > > >
> > > >
> > > > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo
> > > <netsys at fedoraproject.org
> <mailto:netsys at fedoraproject.org>
> > <mailto:netsys at fedoraproject.org
> <mailto:netsys at fedoraproject.org>> <mailto:netsys at fedoraproject.org
> <mailto:netsys at fedoraproject.org>
> > <mailto:netsys at fedoraproject.org
> <mailto:netsys at fedoraproject.org>>>>
> > > > wrote:
> > > >>
> > > >> I think a lot vuln about DDos on kernel or software
> > that can
> > > solved with
> > > >> update your system (built) patchs. And know about
> Java too
> > > that can be
> > > >> opened door for exploits and daemons runs on
> shadows. About
> > > trojans on
> > > >> Linux... dont know. All software is downloaded of
> repos or
> > > .tar directly...
> > > >> Maybe passes such as Debian with OpenSSL (never
> be sure.)
> > > >>
> > > >> Is true that 100% is not exist on security. If
> you have
> > > paranoia, try
> > > >> OpenBSD, but remember, never be sure with something
> > built by
> > > human as have
> > > >> said this.
> > > >>
> > > >> On Sep 2, 2012 3:05 AM, "Danishka Navin"
> > <danishka at gmail.com <mailto:danishka at gmail.com>
> <mailto:danishka at gmail.com <mailto:danishka at gmail.com>>
> > > <mailto:danishka at gmail.com
> <mailto:danishka at gmail.com> <mailto:danishka at gmail.com
> <mailto:danishka at gmail.com>>>>
> > wrote:
> > > >>>
> > > >>> Is this true? (for Linux)
> > > >>>
> > > >>>
> > >
> >
> http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Machines
> > > >>>
> > > >>> Btw, I could not find any source other than this.
> > > >>>
> > > >>> Thanks,
> > > >>> --
> > > >>> Danishka Navin
> > > >>> http://danishkanavin.blogspot.com
> > > >>> http://twitter.com/danishkanavin
> > > >>> http://www.flickr.com/photos/danishkanavin/
> > > >>>
> > > >>>
> > > >>>
> > >
> > >
> > > --
> > >
> > > -Jon
> > > --
> > > ambassadors mailing list
> > > ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>
> > > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>>
> > >
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>
> > > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>>
> > > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > >
> > >
> > >
> > > --
> > > ambassadors mailing list
> > > ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>
> > > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> > These issues are now fixed. packages have just been pushed out, so
> > please can be now close this thread. It is not in the right place
> > any way.
> >
> > Thank you.
> >
> > Regards,
> > Tristan
> >
> > --
> > Tristan Santore BSc MBCS
> > TS4523-RIPE
> > Network and Infrastructure Operations
> > InterNexusConnect
> > Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> <tel:%2B44-78-55069812>
> > Tristan.Santore at internexusconnect.net
> <mailto:Tristan.Santore at internexusconnect.net>
> > <mailto:Tristan.Santore at internexusconnect.net
> <mailto:Tristan.Santore at internexusconnect.net>>
> >
> > Former Thawte Notary
> > (Please note: Thawte has closed its WoT programme down,
> > and I am therefore no longer able to accredit trust)
> >
> > For Fedora related issues, please email me at:
> > TSantore at fedoraproject.org <mailto:TSantore at fedoraproject.org>
> <mailto:TSantore at fedoraproject.org <mailto:TSantore at fedoraproject.org>>
> > --
> > ambassadors mailing list
> > ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > <mailto:ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >
> >
> >
> >
> > --
> > ambassadors mailing list
> > ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> > https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> This does not really belong on the ambassadors list! The only reason why
> I even responded to any of this in the beginning, was to stop any kind
> of disinformation about Fedora being insecure, from spreading out.
>
> People tend to believe any kind of little snippet of disinformation.
>
> Regards,
>
> Tristan
>
> --
> Tristan Santore BSc MBCS
> TS4523-RIPE
> Network and Infrastructure Operations
> InterNexusConnect
> Mobile +44-78-55069812 <tel:%2B44-78-55069812>
> Tristan.Santore at internexusconnect.net
> <mailto:Tristan.Santore at internexusconnect.net>
>
> Former Thawte Notary
> (Please note: Thawte has closed its WoT programme down,
> and I am therefore no longer able to accredit trust)
>
> For Fedora related issues, please email me at:
> TSantore at fedoraproject.org <mailto:TSantore at fedoraproject.org>
> --
> ambassadors mailing list
> ambassadors at lists.fedoraproject.org
> <mailto:ambassadors at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
>
>
>
>
> --
> ambassadors mailing list
> ambassadors at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/ambassadors
Irrelevant. Not what I ever suggested any way. But this is still the
ambassadors list, not the security list. And even on the security list,
this was a known issue for a week. So, even then it would have been
irrelevant by then.
So, maybe we can let this list come back to on topic posts now.
Thank you.
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
More information about the ambassadors
mailing list