First kernel.org, now mysql.com hacked

It was discovered that mysql.com was hacked and was spreading malware. Coming shortly after kernel.org, this is another hack of a major distributor of open source software for the Linux community (and one that is also hosted on Linux).

I wonder how many more major sites of the Linux community have to be hacked before the bubble of Linux/open source security bursts. It should start to dawn on people by now that *nix-derived OSes are certainly not all that much safer by design, as was also covered in an article on OS X a while ago.

The fairy tale is over.


9 Responses to First kernel.org, now mysql.com hacked

  1. k1net1cs says:

    Apparently most (GNU/)Linux (or *nix) evangelists still consider Windows (security) as being inferior based on what was wrong with Windows XP, and evading the facts that most (if not all) malware, trojans & viruses infecting Vista & 7 these days are due to user’s negligence.
    They even still consider that (user’s negligence) as one of Windows’ weaknesses, though under the guise of “Windows security is weak by design; look at how many patches Microsoft spew out every month!” phrasing.
    Yet whenever I run Linux Mint LXDE or Mandriva, there are always around three or more updates (for its base/default applications) that show up every two weeks, and that is then lapped up as “that’s just why Linux is more secure; updates are frequent!”.

    • Scali says:

      Yes, the bubble of Linux security is bursting.
      They’re in more trouble now with Microsoft supporting UEFI secure boot with Windows 8.
      The Linux community arguing against secure boot wasn’t a very smart thing to do.
      The message is basically: Windows 8 == secure, Linux != secure.

  2. winning team says:

    linux.org was hacked because user credentials were compromised, not because GNU/Linux is not secure. Microsoft has a history of being slow with releasing known exploits. Google it. Please stop spreading FUD. It only makes you look ignorant.

    • Scali says:

      Except I didn’t mention linux.org, or Microsoft for that matter.
      How does that make you look?

    • mh says:

      I don’t think this was a “Linux vs Microsoft” thing. I think the point of this post was “don’t assume that just because you’re running Linux you’re automatically more secure by default” – because in a lot of cases you’re actually not. You’re still vulnerable to credential compromise, you’re still vulnerable to SQL injection, you’re still vulnerable to email relay, you still need a decent level of protection against all of the nasties out there, and pretending otherwise is just FUD of its own kind and is going to blow up in even more and more embarrassing fashion until people stop.

      • Scali says:

        To expand on that, as kernel.org said: “Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.”

        So although they may have gotten in because they somehow obtained the user credentials (which no OS could possibly prevent), that still doesn’t explain how they got from there to root access. Apparently they exploited a severe security flaw there.

    • k1net1cs says:

      Congratulations, ‘winning team’; you’ve just made a rock look smart.

  3. NEW-IMPROVED-JDWII says:

    I HATE MYSQL I HATE IT. I never liked this type of stuff and I have to learn it because of Baker College. I’m going to be a network administrator, I’m not going to be a database person.

  4. Pingback: The myth of linux/open source security | Scali's OpenBlog™
