Security, Linux and the Roving Bug

"CptDondo" wrote in message
news:13885j98uu1do0b-at-corp.supernews.com...
> Cassandra wrote:
>
>>
>> This issue is about a bug in Linux. This is about a known bug in Linux
>> that's been hanging around for months. It is a bug a known bug in Linux
>> that's been hanging around for months that has not been fixed. This is
>> about a security hole in Linux. Windows is not the issue here. This is
>> a Linux
>> problem and not a Windows problem.
>>
>>
>
> Huh?

Duh. Read it again Einstein.

> It seems to be more a bug in the cell-phone protocol/hardware. Or possibly
> a hardware mod to the cell phones. I can well imagine the cell phone
> companies would have a way to update the firmware in your phone remotely.
>
> Nothing to say that it's due to linux being on the phone.

Then read it again.


> The only reason it's not *also* a windows problem is that windows can't
> possibly run on a cellphone....

http://www.windowsfordevices.com/art...468909181.html

Do you have any other clueless comments you'd like to make Cpt Dungo?


> As to the "horror story" - why don't they get a prepaid phone?
Because prepaid phones suck.

> Or do away with cell phones altogether?
Sure. And let's do away with electricity too.


> Or stuff the damn things into a sock while they're not using them?
> Christ, people used to live their whole lives without cell phones.
And people used to live their whole lives without air travel or cars. So
let's all go back to riding donkeys and living in caves.





--
Posted via a free Usenet account from http://www.teranews.com

On Jun 28, 3:43 pm, "Cassandra" wrote:
>
> This issue is about a bug in Linux. This is about a known bug in Linux
> that's been hanging around for months. It is a bug a known bug in Linux
> that's been hanging around for months that has not been fixed. This is
> about
> a security hole in Linux. Windows is not the issue here. This is a Linux
> problem and not a Windows problem.

In typical troll fanshion, you miss the reality that non-Linux phones
are also affected by this bug. It is an issue with the closed nature
of the phone software add-ons, not with Linux. Indeed, the bug is
prevaltent across many phone OS's, and seems to be a result of greedy
corporate assholes requiring the ability to track, monitor, and
control what they sell to their customers. In a way, this is exactly
the kind of thing you expect from DRM and similar scheme, where the
backdoors deliberately introduced by the seller becomes a huge
security hole that gets exploited.

This is really not surprising, and the Washington wiretap scandal
revealed that many of the cell carriers were not only turning over
more info than required by law, but often even more info than the
government was actually asking for.

If the phone software were completely open sourced, this would not be
a problem. However, as far as I know, not a single phone manufacurer
has released the source code for their phone software into the OSS
world.

In short, this has little or nothing to do with Linux, and everything
to do with closed source software and proprietary bull****.

If you would have done a bit of research first, you could have kept
your mouth shut instead of yelling out to the world how much of a fool
you are.

Dean G.

On Jun 28, 5:05 pm, "Nedd Ludd" wrote:
> "CptDondo" wrote in message
>
> news:13885j98uu1do0b-at-corp.supernews.com...: Cassandra wrote:
>
> :
> : >
> : > This issue is about a bug in Linux. This is about a known bug in Linux
> : > that's been hanging around for months. It is a bug a known bug in Linux
> : > that's been hanging around for months that has not been fixed. This is
> : > about a security hole in Linux. Windows is not the issue here. This is
> a Linux
> : > problem and not a Windows problem.
> : >
> : >
> :
> : Huh?
> :
> : It seems to be more a bug in the cell-phone protocol/hardware. Or
> : possibly a hardware mod to the cell phones. I can well imagine the cell
> : phone companies would have a way to update the firmware in your phone
> : remotely.
> :
> : Nothing to say that it's due to linux being on the phone.
>
> The features of the phone such are the way the firmware is updated are
> executed by Linux.

Not at all.

> The vulnerability on these phones is a result of Linux.

No, the vulnerability is the result of the phone manufacurers using
known bad security practices. The updates are done automatically with
root level access. This is similar to how Windows Update works when
set to automatic, but not how Linux normally works. With Linux, the
root user would have to log on to do this, and by default, remote root
access is disabled.

Sorry, Charlie, you are not only wrong, but it is obvious you don't
really have a clue what you are pontificating so loudly about.

Dean G.

On Jun 28, 4:10 pm, "Nedd Ludd" wrote:

To summarize faulty logic:
Cell phones are vulnerable to hackers via the 'Roving Bug'.

This is true. Many phones suffer this problem, regardless of the OS
they use

Hackers include the government but also juvenile "l33t haxor"
brats.

Irrlelevant, but true.

The cell phones that are vulnerable include the Razr which runs
Linux.

True, but only half the truth. Many phones, including non-Linux phones
suffer from the same problem.

Linux has a huge security vulnerability.

You have completely failed to demonstrate such a claim. You offer no
evidence, make no attempt to actually identify the cause, nor do you
even consider the possibility that it is a hardware issue.

The open source community has known about the vulnerability.

There is no evidence that it is an open source issue. Indeed, since
this affects non-Linux phones, it is more likely that it is not an OSS
issue.

The open source community has done nothing to fix the
vulnerability.

The OSS community has nothing to fix. There is a problem with the
phones, and the manufacturers should address this issue. If they need
help, they can release their source code under and OSS license and the
OSS community would be glad to help. Until such a time, it is a closed
source problem, and the blame properly rests on the people who chose
to keep this a secret instead of being open about it.

Linux's security vulnerabilities persist.

Actually, there are likely still a few, but less and less all the
time. Unfortunately for loud mouthed fools, the roaming bug is not one
of them.

Also, in the spirit of charity, I offer my assitance to the phone
companies at reasonable market rates. If they need help administering
their Linux set ups, I would be delighted to help. My first piece of
advice is free : Remote root access is disabled by default for a very
good reason.

Dean G.

On Jun 28, 5:27 pm, ray wrote:

> The incompleteness theorm has nothing to do with finiteness at all. It
> merely says that there are statements which are not mathematcially
> provable to be either true or false - i.e. mathematical theory is
> 'incomplete'.

Close, but it says just a bit more. It says this is true for all
formal systems, not just mathematics.

>
> The fact remains that I have been running three or more computers on a
> home network accessible to the internet via a broadbanc connection for
> over five years - online 24/7/365 - and have NEVER seen a malware
> infestation. Do I care why?

Most people who have zombieware do not know it. There are several
million Windows boxes that have been so compromised, and most of these
users would undoubtedly rid themselves of the problem if they only
knew about it.

Indeed, in the spirit of Godel, logic, and mathematics, let's not
fool ourselves : You cannot prove you do NOT have a malware issue.

Dean G.

"Dean G." wrote:
>
.... snip ...
>
> Most people who have zombieware do not know it. There are several
> million Windows boxes that have been so compromised, and most of
> these users would undoubtedly rid themselves of the problem if
> they only knew about it.

They usually know about it. They don't know how to eliminate
and/or avoid it in the first place.

--



cbfalconer at maineline dot net



--
Posted via a free Usenet account from http://www.teranews.com

CptDondo wrote:
>
.... snip ...
>
> As to the "horror story" - why don't they get a prepaid phone? Or
> do away with cell phones altogether? Or stuff the damn things into
> a sock while they're not using them? Christ, people used to live
> their whole lives without cell phones.

The ideal solution. :-) Also, much cheaper.

--



cbfalconer at maineline dot net


--
Posted via a free Usenet account from http://www.teranews.com

CptDondo wrote:

> Oh no doubt. It's just a slow day at work and the A/C doesn't work...

Windows-based controller?

--

David L. Johnson

Arguing with an engineer is like mud wrestling with a pig...
You soon find out the pig likes it!

In article , Cassandra wrote:
> Linux advocate's reply is that, Linux's architecture makes it impossible to
> hack.

Dead on arrival in the first paragraph. Nobody who actually knows anything
about operating system architecture and/or security would make such a claim.

The threats against Linux tend to be of a different nature than those
against Windows. The latter tend to be aimed at end users due to Windows'
architecture which requires most users to work full-time in an administrative
account to make use of their systems. This combined with the active
scripting that Microsoft is so fond of embedding in all types of content
makes Windows a virus writer's dream environment in terms of attacking
through end users. (Remember the first major wave of PC-based viruses?
It was when Microsoft introduced the "auto-execute macro" in Word documents,
initially with no way to disable them. This turned ordinary documents
into potential vectors for infections.)

In contrast, the threats against Linux (and other Unix-based systems)
tend to be based on attacking public services. As you may recall, the
first Internet worm in 1988 virtually shut down the entire Net by taking
advantage of a bug in the finger daemon in Berkeley-derived variants of
Unix. Unix-based utilities such as sendmail, bind, and others have a long
history of security flaws. Anyone with any sense will tell you that if
you hook up an old, unmaintained Linux system running public services to
the Internet it will likely be hacked and rooted in short order. On the
other hand, Windows-style attacks on end users are much less fruitful
due to user accounts with limited privileges and a lower incidence of
script-triggered automation features in end-user applications.

--
Roger Blake
(Subtract 10s for email.)

"Cassandra" wrote in
news:bJCdnZBigMvgjRnbnZ2dnUVZ_veinZ2d-at-comcast.com:

> Her advocates claim Linux is more secure than Windows and as proof
> they offer
> the list of viruses that target Windows.

And the lack of viruses that target Linux.

> The rebuttal is typically that
> Window is an attractive target for virus writers due to its ubiquity.

Its ubiquity and its lack of security. It's the low hanging fruit of
the software world.

> The
> Linux advocate's reply is that, Linux's architecture makes it
> impossible to hack.

No they don't. they say it is more difficult for a virus to prosper on
a linux system.

Linux can be hacked, indeed Linux has been hacked, though the damage
that a hacker can do is limited in Linux compared to Windows.

> I think we've all seen this exchange.

I've certainly seen Trolls like you talk about this fictitious exchange,
does that count?

Snip the rest of the trolling attempt.