
NSA and FBI warn that new Linux malware threatens national security

Pickles von Brine
11 hours ago, HM-2 said:

though Linux only comprises about 13.5% of global server market share as of 2019.

Where’s this number from? Seems way too low. 

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB


Guess I'll need to install an antivirus for my Ubuntu soon?

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition


1 hour ago, Blade of Grass said:

Where’s this number from? Seems way too low. 

It probably doesn't include web servers.  Last numbers I saw for corporate were 40-50% Windows and 30-40% Unix (or Unix-like variant not including Linux), so it probably isn't far off for corporate/business servers.

 

From my minuscule experience in education you won't find a Linux server in any Australian school (unless the sysadmin is a geek overlord with +10 to Debian).  Happy to be corrected on that though, been a while since I actually looked harder at it than a few web searches.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


9 hours ago, HM-2 said:

Explain to me how it's in anyone's interest for the NSA to provide misleading or inaccurate information when basically every infosec firm out there

I'm not saying that they are lying about this...

I'm saying that it's wrong for my government to immediately call out every other nation for doing these things, when they are doing the same exact things, and that I personally don't care what the US intelligence community has to say about the cyber-campaigns of other state intelligence communities, at least until we can get a leash on ours.


The pot calling the kettle black might make for good irony, but it certainly doesn't make good governance.

ENCRYPTION IS NOT A CRIME


21 hours ago, Master Disaster said:

Open source is both a blessing and a curse. It means the criminals can access the entire code base with little effort but it also means the good guys can see the code and fix it without a corporate structure getting in the way.

Ya know I always kinda wondered... How exactly are exploits discovered/expanded upon?
I mean... The Linux kernel is ~27.8 million lines of code. So I struggle to believe somebody is reading it line for line then finding out "Oh hey! This 'while' loop goes on 1 more loop than necessary! This can be used as an exploit!"


1 hour ago, mr moose said:

(unless the sysadmin is a geek overlord with +10 to debian)

LOL!


23 hours ago, Pickles - Lord of the Jar said:

 The advisory also urged that, at a minimum, servers run Linux kernel version 3.7 or later

Meanwhile all CentOS servers are running 3.10 (CentOS7) or lower.

 


4 hours ago, Blade of Grass said:

Where’s this number from?

Here - https://www.statista.com/statistics/915085/global-server-share-by-os/

 

A lot of the stats on web servers over-inflate the prevalence of Linux across the market as a whole. Most orgs run fairly large (100+) Windows server environments for corporate services, production and other user networks and may only have a comparative handful of externally-facing web servers. 

 

2 hours ago, straight_stewie said:

I'm not saying that they are lying about this...

 

12 hours ago, straight_stewie said:

It's all just nonsense bullshit

Bullshit means exactly that.

 

2 hours ago, straight_stewie said:

I'm saying that it's wrong for my government to immediately call out every other nation for doing these things

To be fair the only mention of attribution in the actual report is in the half-page executive summary. The remaining thirty-seven pages of content are deep technical analysis and to be perfectly honest aren't really designed for layman consumption at all. From the perspective of a network defender it's very useful that the group behind a campaign or malware is called out because it lets me know from their previous victimology whether or not I ought to be worrying about this. 

 

3 hours ago, straight_stewie said:

when they are doing the same exact things

I would contest the use of "exact" here. As far as I know the US intelligence community don't use their capabilities to perform corporate, or steal intellectual property for the purposes of handing it over to state-owned enterprises for economic advantage. They don't conduct destructive or disruptive attacks against foreign nations' utilities, oil & gas or other critical infrastructure. None of these are generally considered "legitimate" espionage targets or activities.

 

4 hours ago, straight_stewie said:

I personally don't care what the US intelligence community has to say about the cyber-campaigns of other state intelligence communities

I would suggest that is solely because the likelihood of you ever being exposed to one in a personal or professional capacity except for as collateral damage is vanishingly small, which is not the case for a great many people and organisations. This report was written for them, not you.

[ P R O J E C T _ M E L L I F E R A ]

[ 5900X @4.7GHz PBO2 | X570S Aorus Pro | 32GB GSkill Trident Z 3600MHz CL16 | EK-Quantum Reflection ]
[ ASUS RTX4080 TUF OC @3000MHz | O11D-XL | HardwareLabs GTS and GTX 360mm | XSPC D5 SATA ]

[ TechN / Phanteks G40 Blocks | Corsair AX750 | ROG Swift PG279Q | Q-Acoustics 2010i | Sabaj A4 ]

 

P R O J E C T | S A N D W A S P

6900K | RTX2080 | 32GB DDR4-3000 | Custom Loop 


On 8/14/2020 at 1:30 PM, Vishera said:

In Linux and Mac you need to insert a password to do that.

This is mostly to protect you from yourself, asking for a password makes you think about the command you're just about to run as root. 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


On 8/14/2020 at 12:17 PM, Doobeedoo said:

Laughs in Windows

/s

Keep laughing just until Microsoft pushes another update that erases your files and bricks your system. lol


4 hours ago, Jet_ski said:

Keep laughing just until Microsoft pushes another update that erases your files and bricks your system. lol

Funny, never happened to me on multiple systems or really any major issues that media sites post though.

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |
