Red Hat, Fedora Servers Compromised

scheistermeister

https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Slowhand

royal wrote:

Vista's x64 support was also much better than XP's.

You know, I've been thinking about this for a while. I remember when the rumors first started going around about Vista, back as early as 2004 and 2005. I had conversation after conversation with people who were convinced that Vista would be 64-bit only. Then, as the time grew closer to launch, people were worried because so few applications were being released for 64-bit platforms. (Oddly enough, I remember talking to someone from Adobe about a version of Photoshop that was 64-bit, all the way back in '05.)

Then, when the launch came around, it turned out that Vista was, in fact, being released in both 32 and 64-bit incarnations. I didn't really think much of that, until I started hearing about the complaints of slowness, of crashing, etc. Then, one after another, my colleagues and friends began installing the 64-bit edition of Vista (Ultimate, of course,) and they found something pretty cool out: this was the way Vista was designed to run. Even when emulating a 32-bit environment for 32-bit software, their machines seemed to be running faster and smoother than they had in 32-bit native. Given, they still had to beef up to well beyond the recommended hardware specs, but that's true for the last few generations of operating systems as well. (I've got 1GB of PC2700 RAM in the old clunker I still use, and XP SP3 runs like a snail in molasses.)

So here's my thought on Vista's performance woes: maybe, just maybe, Microsoft did hope to release a 64-bit only operating system, but were forced to rethink that plan when they began to see that, while AMD and Intel were releasing x64 CPUs, the software industry didn't seem to be pushing to release applications to take advantage of the hardware. Of course, the paradox here is that, without a widespread 64-bit OS, there would be nothing to install the 64-bit apps on; and because there were so few 64-bit apps, the corresponding OS wouldn't become widespread. We've seen it with Microsoft's own software, like Exchange, that 64-bit is the way they're going, and soon. Maybe they were hoping to kick the hardware industry down the road of progress faster than they are currently doing it.

We'll just have to wait and see. Maybe, in a year from now, when we finally begin to see 64-bit versions of everything people buy for their machines come out, Vista will have become as much of a fixture as XP is, and XP will begin to take the place that Windows 2000 held for years: "the older, clunkier version of my 'real OS', in case of an emergency".

dynamik

Russ, I'm not trying to fan the flames or anything, but can you describe the issues you've been having with Vista? I'm genuinely curious.

royal

Speaking about 64-bit versions. Windows 7 will still be both x86/x64 and Windows 7 server will be x64 only. We'll see...

RussS

HeroPsycho - what, the debate is over because you say so?

Sorry, but ill-informed I am not. you may believe every press release that comes out of Redmond but out in the real world we tend to be a bit more cynical.
As far as XP being more secure than Vista - I never claimed that and never will. I claimed Vista is a bloated unweidly pig that follows in the tradition of ME. If you have been around the IT business for a few years you will notice that MS has a habit of rolling out a dog every 3 or so releases ... just following suit with Vsta. Sorry to shake your world, but Vista is NOT the answer to a secure system.
Like to know what would go a long way towards that end? Completely disallowing software to link into the OS. Force the software companies to write software that runs in its own space and does not use shared dll files and you are making a giant leap in the right direction. Oh, and that includes Microsofts own software - such as Internet Explorer and Office suites.

royal - exactly, as in per one of my earlier posts ...

now, back on topic ..... there will always be security loopholes in software and operating systems - it is the nature of the beast. While many Mac and *nix people like to pontificate at how secure their OS is I would put forth the argument that the reason they appear to be so secure is that because they are not as widespread as MS operating systems it makes the results vs effort a bad equation for the script kiddies.

Basically - all OS have security issues. How they effect end users depends on many different parameters but basically keeping an OS up to date with the current patches goes a long way to that end, however if they are not educated correctly and click on every single attachment and pop-up they see then it doesn't matter how well pacthed they are, the chances of them getting bitten are vastly elevated.

dynamik - Mostly around assorted applications used by a large number of our clents. We have several hundred SMEs on our books and have many issues relating to accounting, real estate management and medical software available locally resulting in database corruptions. I am not a coder myself so I can not pinpoint exactly where the issue lays, but according to my pet propellorhead and the guys from the software companies it is in the backend of Vista.

HeroPsycho

RussS wrote:

HeroPsycho - what, the debate is over because you say so? Sorry, but ill-informed I am not. you may believe every press release that comes out of Redmond but out in the real world we tend to be a bit more cynical.
As far as XP being more secure than Vista - I never claimed that and never will. I claimed Vista is a bloated unweidly pig that follows in the tradition of ME. If you have been around the IT business for a few years you will notice that MS has a habit of rolling out a dog every 3 or so releases ... just following suit with Vsta. Sorry to shake your world, but Vista is NOT the answer to a secure system.

The debate was over when you failed to give anything factual in the debate.

Case in point, you keep insinuating that I'm a pawn of Microsoft, when I'm not. Someone who likes Vista is not necessarily a pawn of Microsoft, or believes every press release that comes out of Redmond just because they don't agree with you. You also seem to think I don't work in the real world. I've been working with computers for a long time, and I've done work for health care providers, financial companies, lawyers, federal agencies, health insurance companies, real estate agents, marketing companies, and more. Your experience isn't any more real than mine. It's insulting and disrespectful to hear you insinuate otherwise. You're not correct in any of that in the slightest degree. That's a fact.

RussS wrote:

dynamik - Mostly around assorted applications used by a large number of our clents. We have several hundred SMEs on our books and have many issues relating to accounting, real estate management and medical software available locally resulting in database corruptions. I am not a coder myself so I can not pinpoint exactly where the issue lays, but according to my pet propellorhead and the guys from the software companies it is in the backend of Vista.

Translation: you don't know what the root cause was.

The one thing you said is how to make a secure OS. To that, I'll respond that first off, Vista comes closer to that than XP by virtualizing changes limited users make to protected folders and registry keys, so that even if DLL's or registry settings are altered, they're altered on a per user basis unless the user elevates to admin. Also, programs that try to do these types of tie ins are also virtualized to keep them from alterning shared components, although this can be bypassed and isn't perfect. That is, once again, substantially more secure than XP. Is it security nirvana? No, but it's progress.

Secondly, if shared dll's are the root of all security evil, why are there vulnerabilities in linux, unix, and MacOS X? How does those machines still get compromised?

RussS

Translation: you don't know what the root cause was.

Correct - and I stated that I was not a coder. I am not a coder myself so I can not pinpoint exactly where the issue lays I also started that our pet propellorhead and the coders from the software companies we have been dealing with say that it is in Vista where the issue lies with the problems my clients have been experiencing. Those guys are so far about my ability that I don't bother questioning them - I have far more important things to do.

Now as far as insinuating that you are a pawn of MS ... nope, I asked what I considered to be a valid question based on your zealous defense of Vista. You took that as a personal attack, and since that is something I find from most MS employees the mistake is quite obvious

I mentioned this debate at a MS licencing seminar today and people thought I was way off base calling Vista another ME. ME was a rushed product put out as an interim measure whereas Vista is a whole new release. Comparing them is being unfair to ME

HeroPsycho

RussS wrote:

I also started that our pet propellorhead and the coders from the software companies we have been dealing with say that it is in Vista where the issue lies with the problems my clients have been experiencing. Those guys are so far about my ability that I don't bother questioning them - I have far more important things to do.

That doesn't make your point to us. If you don't know what the root cause was, it doesn't prove the problem was Vista. Period. Great if THEY know, and that convinced you, but that doesn't make it true.

What would make it true is:

"We were attempting to use Software Product X. Their tech support has said it doesn't work with Vista because of Y. OR... We found that on Vista this app causes these issues, and the reasons are because Z. Here are links (unbiased and factual) to back that up."

That's not being zealous. That's being honest, truthful, and unbiased. You're not giving anyone anything concrete to examine. I have no problem with people who have had issues with Vista that are substantiated. I have problems with people who say Vista sucks and time and time again can't show with anything concrete what their difficulties were that would be anything beyond the run of the mill issues you'd have with any OS change, especially one that is a major revision like Vista is.

sprkymrk

Since Russ is an admin on this site, he probably won't nix this thread because it would seem biased. I do not moderate this particular forum but would like to suggest either one of two things:

1. Split the topic. It has gotten WAY off the original RedHat/Fedora security issue. Move all the Vista related posts to a new thread.

or

2. Make all subsequent posts back on topic. That means comment on the OPs link regarding the RedHat/Fedora article.

Hero and Russ - agree to disagree maybe?

RussS

Oh they know alright HeroPsycho as most of what we reported has been verified by other sources. I like to leave that stuff to those that enjoy doing beta testing, because IMHO Vista SP1 is just another beta release

Personally I leave debugging to those that enjoy that stuff and prefer delivering a solid and dependable solution to my clients. That we think Vista is crap however does not indicate a deep rooted dislike for MS products however and although my company has a broad focus and supports Novell, *nix, MAC and MS operating systems on the whole we structure MS based solutions. We consider the ability to tailor a solution to suit a clients needs based on a wide range or criteria as more important than following a strict adherance to a product line.

dynamik

sprkymrk wrote:

Hero and Russ - agree to disagree maybe?

That sounds like a good idea. I think all the technical arguments have been made. It can only get (more) personal from here

datchcha

Only issue i had with Vista earlier on, was that Exchange Tools didn't work. I am hooked on Vista and will never go back, but with that being said...i still love my Fedora 9 or centos for network utilities.

Slowhand

In an effort to get the thread back on track, I think I'll pull a royal:
"What's Vista?"

Have there been any reported incidents resulting from these latest vulnerabilities in Red Hat and Fedora? Any particular organizations affected, or has everything been diligently patched and we're moving on?