[Ambassadors] New Trojan Threatens Mac OS X, Linux Machines

Dan Mashal dan.mashal at gmail.com
Mon Sep 3 14:04:59 UTC 2012


Whether it's the security list or the social list or the arm list or the
marketing, people should know. We've got way too much fragmentation in my
opinion.

I didn't know until last night.

And the article in the original email of this thread is very vague.

Maybe we should have some kind of "fedora-news" list for important topics
such as this instead of 50 specific "on topic" lists. I don't know. It's
quite alarming and it feels like there is too much information to keep up
with to stay up to date.

--

So you guys on the security list knew about it for a week,  does that mean
I should have been subscribed to the security list or just psychically know
about this cross platform security flaw that is huge, or subscribe to the
CVE mailing list, or read every single article on Slashdot?

The java hole is going to affect tons of people regardless of what OS they're
on.

The hypocrisy is amazing sometimes.

Honestly, you sound like an Oracle/Sun employee trying to cover up a Java
flaw right now (I know you're not).. I really don't know what to think.

My main point here is people have a right to discuss any topic they feel
necessary. Yes, I agree with you: the ambassadors list probably wasn't the
right place for it, but I'm glad somebody sent something and I saw someone
bring it up in #Fedora otherwise I wouldn't have known.

Welcome to the information age.

Dan




On Mon, Sep 3, 2012 at 6:56 AM, Tristan Santore <tristan.santore at internexusconnect.net> wrote:

> On 03/09/12 14:52, Dan Mashal wrote:
> > If you really think Fedora, or any other OS is bullet proof, you've got
> > other issues.
> >
> > In fact in my original reply  I said that this was a bunch of BS.
> >
> > Someone actually came in to #Fedora last night and mentioned the Java
> > security flaw, which is an actual real flaw that is cross platform
> > (Windows,OSX,Unix).
> >
> > Thanks,
> > Dan
> >
> > On Mon, Sep 3, 2012 at 6:50 AM, Tristan Santore
> > <tristan.santore at internexusconnect.net> wrote:
> >
> >     On 03/09/12 14:47, Dan Mashal wrote:
> >     > This is not a "bug" thread, it's a discussion thread.
> >     >
> >     > Yes, after updating to 1.7.0.7 open and closed jdk/jre 32/64bit that
> >     > hole is closed.
> >     >
> >     > Thanks.
> >     >
> >     > Dan
> >     >
> >     > On Mon, Sep 3, 2012 at 6:46 AM, Tristan Santore
> >     > <tristan.santore at internexusconnect.net> wrote:
> >     >
> >     >     On 03/09/12 11:39, Álvaro Castillo wrote:
> >     >     > You see these is Java but free. On Java always exist bugs, exploits,
> >     >     > trojans.... Difference Java Oracle between OpenJDK avoid one is
> >     >     > privative and other is free. Is speed fixing issues.
> >     >     >
> >     >     > On Sep 3, 2012 6:17 AM, "Dan Mashal" <dan.mashal at gmail.com> wrote:
> >     >     >
> >     >     >     I think this is a bigger deal:
> >     >     >
> >     >     >     https://bugzilla.redhat.com/show_bug.cgi?id=852051
> >     >     >
> >     >     >     Dan
> >     >     >
> >     >     >     On Sun, Sep 2, 2012 at 9:23 AM, Jon <jdisnard at gmail.com> wrote:
> >     >     >
> >     >     >         I believe the OP was referring to this (?):
> >     >     >
> >     >     >
> >     >     >         http://www.f-secure.com/weblog/archives/00002400.html
> >     >     >
> >     >     >         It's from July, but I keep seeing the same news appear on
> >     >     >         different sites.
> >     >     >         I do believe they are all referring to the above link.
> >     >     >         That is unless the kit has been taken, modified, adapted, evolved,
> >     >     >         etc... into something new.
> >     >     >
> >     >     >
> >     >     >         Best regards,
> >     >     >         -Jon
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >         On Sun, Sep 2, 2012 at 6:26 AM, Dan Mashal <dan.mashal at gmail.com> wrote:
> >     >     >         > Really the only ways to get in are the following:
> >     >     >         >
> >     >     >         > 1) CVEs on the packages in the stable repo
> >     >     >         > 2) Vulnerabilities in software such as web browsers
> >     >     >         > 3) Sniffing unencrypted data
> >     >     >         > 4) dictionary attacks
> >     >     >         > 5) network scanning/port vulnerabilities
> >     >     >         > 6) Pushing out fake updates with back doors.
> >     >     >         >
> >     >     >         > Again, that was the good old days.
> >     >     >         >
> >     >     >         > Dan
> >     >     >         >
> >     >     >         >
> >     >     >         > On Sun, Sep 2, 2012 at 4:22 AM, Álvaro Castillo <netsys at fedoraproject.org> wrote:
> >     >     >         >>
> >     >     >         >> I think a lot vuln about DDos on kernel or software that can solved with
> >     >     >         >> update your system (built) patches. And know about Java too that can be
> >     >     >         >> opened door for exploits and daemons runs on shadows. About trojans on
> >     >     >         >> Linux... don't know. All software is downloaded of repos or .tar directly...
> >     >     >         >> Maybe passes such as Debian with OpenSSL (never be sure.)
> >     >     >         >>
> >     >     >         >> Is true that 100% is not exist on security. If you have paranoia, try
> >     >     >         >> OpenBSD, but remember, never be sure with something built by human as have
> >     >     >         >> said this.
> >     >     >         >>
> >     >     >         >> On Sep 2, 2012 3:05 AM, "Danishka Navin" <danishka at gmail.com> wrote:
> >     >     >         >>>
> >     >     >         >>> Is this true? (for Linux)
> >     >     >         >>>
> >     >     >         >>>
> >     >     >         >>> http://news.efytimes.com/e1/89929/New-Trojan-Threatens-Mac-OS-X-Linux-Machines
> >     >     >         >>>
> >     >     >         >>> Btw, I could not find any source other than this.
> >     >     >         >>>
> >     >     >         >>> Thanks,
> >     >     >         >>> --
> >     >     >         >>> Danishka Navin
> >     >     >         >>> http://danishkanavin.blogspot.com
> >     >     >         >>> http://twitter.com/danishkanavin
> >     >     >         >>> http://www.flickr.com/photos/danishkanavin/
> >     >     >         >>>
> >     >     >         >>>
> >     >     >         >>>
> >     >     >
> >     >     >
> >     >     >         --
> >     >     >
> >     >     >         -Jon
> >     >     >         --
> >     >     >         ambassadors mailing list
> >     >     >         ambassadors at lists.fedoraproject.org
> >     >     >         https://admin.fedoraproject.org/mailman/listinfo/ambassadors
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     These issues are now fixed. Packages have just been pushed out, so
> >     >     please can we now close this thread. It is not in the right place
> >     >     any way.
> >     >
> >     >     Thank you.
> >     >
> >     >     Regards,
> >     >     Tristan
> >     >
> >     >     --
> >     >     Tristan Santore BSc MBCS
> >     >     TS4523-RIPE
> >     >     Network and Infrastructure Operations
> >     >     InterNexusConnect
> >     >     Mobile +44-78-55069812
> >     >     Tristan.Santore at internexusconnect.net
> >     >
> >     >     Former Thawte Notary
> >     >     (Please note: Thawte has closed its WoT programme down,
> >     >     and I am therefore no longer able to accredit trust)
> >     >
> >     >     For Fedora related issues, please email me at:
> >     >     TSantore at fedoraproject.org
> >     >
> >     >
> >     >
> >     >
> >     This does not really belong on the ambassadors list! The only reason why
> >     I even responded to any of this in the beginning, was to stop any kind
> >     of disinformation about Fedora being insecure, from spreading out.
> >
> >     People tend to believe any kind of little snippet of disinformation.
> >
> >     Regards,
> >
> >     Tristan
> >
> >
> >
> >
> >
> Irrelevant. Not what I ever suggested any way. But this is still the
> ambassadors list, not the security list. And even on the security list,
> this was a known issue for a week. So, even then it would have been
> irrelevant by then.
>
> So, maybe we can let this list come back to on topic posts now.
>
> Thank you.
>
> Tristan
>
>