Usually, LINUX users like to look derisively at those who use Windows and Macs and their security issues. And laugh about how secure they perceive themselves to be. Here’s an example of where that isn’t true. According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple’s iOS and OS X. Here’s what the article says:
“The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical ‘goto fail’ flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.”
As the quote states, Apple has fixed this bug. However, LINUX users are at the mercy of many vendors of different versions of the operating system rather than having to deal with a single company. Thus one vendor might fix it, but others may not be so quick to do so. Red Hat, Debian, and Ubuntu among others have this bug. So one has to wonder what these companies plan to do to address this issues and how long will it take to do so.
Like this:
Like Loading...
Related
This entry was posted on April 7, 2014 at 7:12 am and is filed under Commentary with tags LINUX, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
LINUX Suffers From Serious Encryption Bug
Usually, LINUX users like to look derisively at those who use Windows and Macs and their security issues. And laugh about how secure they perceive themselves to be. Here’s an example of where that isn’t true. According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple’s iOS and OS X. Here’s what the article says:
“The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical ‘goto fail’ flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.”
As the quote states, Apple has fixed this bug. However, LINUX users are at the mercy of many vendors of different versions of the operating system rather than having to deal with a single company. Thus one vendor might fix it, but others may not be so quick to do so. Red Hat, Debian, and Ubuntu among others have this bug. So one has to wonder what these companies plan to do to address this issues and how long will it take to do so.
Share this:
Like this:
Related
This entry was posted on April 7, 2014 at 7:12 am and is filed under Commentary with tags LINUX, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.