Forgot Password
Pentax Camera Forums Home
 

Reply
Show Printable Version Search this Thread
01-19-2016, 07:29 PM   #1
Site Supporter
Site Supporter
boriscleto's Avatar

Join Date: Dec 2009
Location: North Syracuse, NY
Photos: Gallery
Posts: 14,162
Linux kernel flaw

The biggest threat is probably to Android devices. It affects all versions of Android from 4.4 KitKat and later. And since most Android devices never get OS updates...

Linux kernel flaw threatens millions of PCs, servers, and Android devices | PCWorld

01-19-2016, 07:49 PM   #2
Site Supporter
Site Supporter
jatrax's Avatar

Join Date: May 2010
Location: Oregon Cascades
Photos: Gallery | Albums
Posts: 11,777
Ouch.

Would think the most serious vulnerability would be with routers, switches, cable modems and the like because few people ever think to update the OS on those. Or even realize that they have an OS.
01-19-2016, 07:53 PM   #3
Resident Bagpiper
Loyal Site Supporter
bertwert's Avatar

Join Date: Jun 2015
Location: Golden, BC
Photos: Albums
Posts: 10,235
QuoteOriginally posted by jatrax Quote
Or even realize that they have an OS.
You can say that again...

People are also amazed I can get into something running Linux with root privileges just because I have physical access to the machine.
01-19-2016, 08:59 PM   #4
Pentaxian
reeftool's Avatar

Join Date: Dec 2007
Location: Upstate New York
Photos: Gallery | Albums
Posts: 8,497
QuoteOriginally posted by bertwert Quote
You can say that again...

People are also amazed I can get into something running Linux with root privileges just because I have physical access to the machine.
Yeah, I take it from this article that this vulnerability is only an issue when a user is physically using an account on a machine. The rest of this is mostly scare tactic BS as phones are single user devices.

There are a lot of vulnerabilities affecting routers. My router has open source firmware which I can easily update but many don't and most people never even change the factory default passwords.

01-19-2016, 09:05 PM   #5
Site Supporter
Site Supporter
jatrax's Avatar

Join Date: May 2010
Location: Oregon Cascades
Photos: Gallery | Albums
Posts: 11,777
QuoteOriginally posted by reeftool Quote
most people never even change the factory default passwords
Which I've noticed are often printed on the bottom of the router.
01-19-2016, 09:10 PM   #6
Resident Bagpiper
Loyal Site Supporter
bertwert's Avatar

Join Date: Jun 2015
Location: Golden, BC
Photos: Albums
Posts: 10,235
QuoteOriginally posted by reeftool Quote
There are a lot of vulnerabilities affecting routers. My router has open source firmware which I can easily update but many don't and most people never even change the factory default passwords.
QuoteOriginally posted by jatrax Quote
Which I've noticed are often printed on the bottom of the router.
Or even no password...

I know my family uses Tomato firmware on our router, lot easier than Cisco or Linksys own firmware.
01-19-2016, 09:12 PM   #7
Site Supporter
Site Supporter
kiwi_jono's Avatar

Join Date: Dec 2009
Location: Christchurch, New Zealand
Photos: Gallery | Albums
Posts: 1,400
I'm a linux user but this could be much worse - I could be running sieve (Windows)!

Fortunately minimal effect on my home / development machines - well protected user and don't have guest accounts etc. However embedded systems could be a concern.
01-19-2016, 09:20 PM   #8
Site Supporter
Site Supporter
boriscleto's Avatar

Join Date: Dec 2009
Location: North Syracuse, NY
Photos: Gallery
Posts: 14,162
Original Poster
QuoteOriginally posted by reeftool Quote
Yeah, I take it from this article that this vulnerability is only an issue when a user is physically using an account on a machine. The rest of this is mostly scare tactic BS as phones are single user devices.
Where do you get that? This attacks the kernel keyring. The keyring is accessed by applications as it is a place to keep authentication and encryption keys. This bug would allow malicious apps to access those keys. Now that this exploit has been exposed the hackers will figure out how to use it. Android is vulnerable because of fragmentation of the OS, lack of update support by the device manufacturers and carriers, and third party app stores. And there are plenty of devices out there using Android that aren't even phones...most not even using the official Android OS (no Google apps and no Play Store).

01-20-2016, 12:11 AM   #9
Site Supporter
Site Supporter




Join Date: Mar 2008
Location: Prince George, BC
Photos: Gallery | Albums
Posts: 2,778
The fix for this came in for my ubuntu boxes this morning.
01-20-2016, 04:28 AM   #10
Pentaxian
reeftool's Avatar

Join Date: Dec 2007
Location: Upstate New York
Photos: Gallery | Albums
Posts: 8,497
QuoteOriginally posted by boriscleto Quote
Where do you get that? This attacks the kernel keyring. The keyring is accessed by applications as it is a place to keep authentication and encryption keys. This bug would allow malicious apps to access those keys. Now that this exploit has been exposed the hackers will figure out how to use it. Android is vulnerable because of fragmentation of the OS, lack of update support by the device manufacturers and carriers, and third party app stores. And there are plenty of devices out there using Android that aren't even phones...most not even using the official Android OS (no Google apps and no Play Store).
This particular issue allows a user to to have root privileges on the computer he is using. Obviously, once that happens, he could install some pretty nasty apps which could then be used to do further damage but I fail to see how this particular vulnerability will affect Android users who can't get an update. Most phones are locked down anyhow and even the owner doesn't have root privileges. There are a lot of other vulnerabilities in Android which are an issue and I will totally agree that the practice of not allowing updates by phone carriers is just plain wrong and driven by greed, forcing users to buy new phones fairly often.
01-20-2016, 06:34 AM   #11
Site Supporter
Site Supporter
boriscleto's Avatar

Join Date: Dec 2009
Location: North Syracuse, NY
Photos: Gallery
Posts: 14,162
Original Poster
QuoteOriginally posted by reeftool Quote
This particular issue allows a user to to have root privileges on the computer he is using. Obviously, once that happens, he could install some pretty nasty apps which could then be used to do further damage but I fail to see how this particular vulnerability will affect Android users who can't get an update. Most phones are locked down anyhow and even the owner doesn't have root privileges. .
You are misreading this. This vulnerability allows apps to escalate the privileges of a local user. So install a malicious app, get rooted. If you only download apps from the Google Play Store you are probably alright. But there are other app stores available on Android, and there are millions of devices that don't even have the Play Store.

Linux distros will be patched quickly. Android not so much.
01-20-2016, 11:39 AM   #12
Pentaxian




Join Date: Dec 2010
Location: Ontario
Photos: Gallery
Posts: 3,209
QuoteOriginally posted by jatrax Quote
Which I've noticed are often printed on the bottom of the router.
My (changed) passwords are on the bottom of my router but if you've managed to get to this piece of paper I'm no longer relying on the password to deny you access to my home network- it's now up to my cricket bat
01-20-2016, 12:29 PM   #13
Administrator
Site Webmaster
Adam's Avatar

Join Date: Sep 2006
Location: Arizona
Photos: Gallery | Albums
Posts: 48,345
Hopefully they'll patch this one up quickly.

Doesn't sound as bad as the shellshock exploit, which affected virtually every linux and mac PC since the beginning of time

Adam
PentaxForums.com Webmaster (Site Usage Guide | Site Help | My Photography)



PentaxForums.com server and development costs are user-supported. You can help cover these costs by donating. Or, buy your photo gear from our affiliates, Adorama, B&H Photo, or Topaz Labs, and get FREE Marketplace access - click here to see how! Trusted Pentax retailers:

01-20-2016, 01:00 PM   #14
Site Supporter
Site Supporter
boriscleto's Avatar

Join Date: Dec 2009
Location: North Syracuse, NY
Photos: Gallery
Posts: 14,162
Original Poster
QuoteQuote:
The vulnerability is notable because it's exploitable in a wide array of settings. On servers, people with local access can exploit it to achieve complete root access. On smartphones running Android versions KitKat and later, it can allow a malicious app to break out of the normal security sandbox to gain control of underlying OS functions. It can also be exploited on devices and appliances running embedded versions of Linux.
Linux bug imperils tens of millions of PCs, servers, and Android phones | Ars Technica

"Imagine if Windows patches had to pass through Dell and your ISP before they came to you? And neither cared? That is called Android."
Reply

Bookmarks
  • Submit Thread to Facebook Facebook
  • Submit Thread to Twitter Twitter
  • Submit Thread to Digg Digg
Tags - Make this thread easier to find by adding keywords to it!
android, devices, flaw, linux, photography, photoshop
Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux and pentax naldopr Digital Processing, Software, and Printing 21 01-01-2016 08:48 AM
Linux Software bertwert Digital Processing, Software, and Printing 12 07-15-2015 11:53 AM
Question for Linux users.. K57XR Digital Processing, Software, and Printing 62 04-24-2015 08:00 PM
Is manual control the only flaw? penquin Video and Pentax HDSLRs 38 10-26-2011 11:25 AM
Security flaw in Internet Explorer Damn Brit General Talk 36 12-21-2008 08:40 PM



All times are GMT -7. The time now is 12:06 AM. | See also: NikonForums.com, CanonForums.com part of our network of photo forums!
  • Red (Default)
  • Green
  • Gray
  • Dark
  • Dark Yellow
  • Dark Blue
  • Old Red
  • Old Green
  • Old Gray
  • Dial-Up Style
Hello! It's great to see you back on the forum! Have you considered joining the community?
register
Creating a FREE ACCOUNT takes under a minute, removes ads, and lets you post! [Dismiss]
Top