Author Topic: The Linux security spell is broken - part 1


  • Administrator
« on: May 02, 2014, 02:53:15 PM »

I've been dipping into the coming-technology-overlord-no-more-freedom-apocalypse well quite a bit in recent weeks, so for a change, we'll leave that robot rabbit alone today. Instead, let's turn our attention to the mythical unicorn known as the totally secure Linux server.

Recently, security researchers at Irish think tank ESET uncovered what they're calling Operation Windigo, a Linux-capable backdoor Trojan that may have infected up to 25,000 Unix servers worldwide. Those, in turn, have been attacking up to 500,000 PCs -- like yours and mine -- on a daily basis since then. When discussing this with a reader via email, the quote came up: "You know it's bad when even Linux machines need to worry about security." I coughed up fine, aged scotch on that one -- I figured that readers of this column would know better.

According to ESET, Windigo isn't exploiting an undiscovered weakness in Linux or OpenSSH. This thing has to be manually installed, which means the wart-spouting troglodytes cracked the credentials of up to 25,000 servers, most likely remotely unless they've been faking their way into data centers worldwide wearing janitor uniforms and reading the passwords that were probably taped to each server bezel. Those admins, much like my poor reader who shall remain nameless, seem to be of the same mind: Linux is Unix as well as little-used, so we don't have to worry about serious security.

Linux accounts for more than 60 percent of servers worldwide, a figure first cited back in 2008. That's a lot of servers running a lot of mission-critical software, which completely invalidates the pipe dream that the bad guys are ignoring Linux in favor of the supposedly weaker and more numerous Windows Servers.