How much do you trust Debian?

Off-Topic discussions about science, technology, and non Debian specific topics.
jmgibson1981
Posts: 295
Joined: 2015-06-07 14:38
Has thanked: 11 times
Been thanked: 32 times

Re: How much do you trust Debian?

#41 Post by jmgibson1981 »

I don't think anyone can blame Debian or any other Distro for security issues. No software is perfect, all you can do is find the one with the most open and transparent development environment. That being said I saw a link to an article on LinuxQuestions.org. I am not a developer but it all makes sense to me. Security just isn't a priority for most devs. I'm sure it is for some but certainly not all.

The article

https://go.theregister.com/feed/www.the ... re_column/

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#42 Post by LE_746F6D617A7A69 »

^ The above article references this one:
https://www.theregister.com/2022/01/18/ ... h_tuesday/

Well paid software developers working for a multi-billion BigTech company are issuing security fixes which are completely broken.
Most likely those patches have caused multi-million losses in total, for hundreds of companies that are using Microsoft Servers and Hyper-V.

I'm using Debian as my main OS for ~13 years now, and after thousands of updates/upgrades I've experienced only a single, easy to fix problem with one of the backported packages: link

It's true that some security issues are discovered from time to time in Debian/Linux kernel, but somehow I've never heard about a situation where hundreds of thousands of Linux machines get suddenly infected by some unknown virus.

For closed-source software massive global infections are quite frequent.

I would say that this is because all the Debian/Linux bugs are discovered *before* any attack - so the time window for preparing a global attack is very short (because most systems are immediately updated) -> In closed-source software the security-related bugs are discovered *after* the attack.
At least, this is what the stats are showing ;)
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

argentwolf
Posts: 201
Joined: 2021-09-05 23:21
Has thanked: 185 times
Been thanked: 15 times

Re: How much do you trust Debian?

#43 Post by argentwolf »

Whew! I guess then it's a relief that Debian doesn't participate in these sectors: "defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services." #TNO

"CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks"
https://thehackernews.com/2022/02/cisa- ... evere.html

"Cybercriminals Target Linux‑Based Systems With Ransomware and Cryptojacking Attacks"
https://news.vmware.com/releases/cyberc ... ng-attacks
Vanguard Debian, because nothing's worse than doing nothing, whimsically!
32-bit | 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465.76GiB SSD
64-bit | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931.51GiB SSD

Onsemeliot
Posts: 333
Joined: 2010-12-15 14:43
Has thanked: 20 times
Been thanked: 5 times

Re: How much do you trust Debian?

#44 Post by Onsemeliot »

canci wrote: 2022-01-30 14:01 Maybe one day we can have RISC-V. For now, it still doesn't look very feasible:
Isn't RISC-V just the base on which corporations most likely will build proprietary CPUs? I guess even with RISC-V as the standard we might not see any free hardware because it would still be too difficult to actually build chips for smaller companies that might want to create free hardware. Or do I get something wrong here?

But to the main question of this discussion: I wouldn't say that I can fully trust any operating system. Especially because I can't audit it myself (even if I did understand enough to do so in principle the amount of stuff to check is just hopeless). But I think we do have the same problem everywhere: Of course the arguments for the earth not being flat are rather convincing but even the classic practical test of looking at a ship sinking behind the horizon on the sea is not a full proof. And travelling around the world wouldn't really help either since I am not capable of ensuring I wouldn't go in a circle on such great distances.

So, in essence I think there is much less reason to suspect Debian to be hijacked by malicious interests than almost any other system I could probably use. I have used it since about 2008 and am still rather happy with it. I wouldn't want to move back to Windows or over to Macintosh. (Don't get me started on mobile devices!)

All systems have issues and especially the obviously avoidable ones annoy me. It is much easier for me to accept that a program is buggy due to an error than due to some commercial interest. And everything considered, Debian has much fewer of such avoidable annoyances than most other operating systems that would be available to me. Therefore, I am proud to be a long time user and financial supporter of the project. (Unfortunately I can't contribute any coding skills.)

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#45 Post by LE_746F6D617A7A69 »

argentwolf wrote: 2022-02-11 11:15 Whew! I guess then it's a relief that Debian doesn't participate in these sectors: "defense, emergency services, agriculture, government facilities, IT, healthcare, financial services, education, energy, charities, legal institutions, and public services." #TNO
Who's using Debian?
This list contains only those companies and organizations who decided to support Debian by showing that Debian is their OS of choice.
My company uses ~30 Debian systems, but it is not listed - just like many others.
And another list: List_of_Linux_adopters
argentwolf wrote: 2022-02-11 11:15 "CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks"
https://thehackernews.com/2022/02/cisa- ... evere.html
This article doesn't even contain words Debian or Linux.
argentwolf wrote: 2022-02-11 11:15 "Cybercriminals Target Linux‑Based Systems With Ransomware and Cryptojacking Attacks"
https://news.vmware.com/releases/cyberc ... ng-attacks
Recently a new IT sub-market emerged: lots of software companies want to sell ridiculously expensive threat scanners, with ridiculously expensive hotline support (You can count on our "experts" :lol: ) -> vmware is not an exception, and You can easily find tons of similar articles.
This is just a standard set of bullshits used to hack customer's brains and convince them to drop lots of money in a mud.
Anyway, I've said that I've never heard of a successful massive attack on Linux systems - the above article doesn't prove the opposite.
Onsemeliot wrote: 2022-02-11 13:23 Isn't RISC-V just the base on which corporations most likely will build proprietary CPUs?
Yes. It is even guaranteed in the RISC-V ISA specification.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

clementishutin
Posts: 37
Joined: 2021-12-10 11:59
Been thanked: 3 times

Re: How much do you trust Debian?

#46 Post by clementishutin »

So, in general, I believe there is far less cause to suspect Debian of being hacked by hostile actors than practically any other system I might use. I've been using it since around 2008 and am still quite pleased with it. I don't want to go back to Windows or go to Mac.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#47 Post by LE_746F6D617A7A69 »

clementishutin wrote: 2022-03-01 13:10 So, in general, I believe there is far less cause to suspect Debian of being hacked by hostile actors than practically any other system I might use. I've been using it since around 2008 and am still quite pleased with it. I don't want to go back to Windows or go to Mac.
Generally, Yes -> but You should be aware of the fact, that by using 3rd party sources like flatpak, appimage, snap, ubuntu ppa's, etc You're taking full responsibility for Your OS - nobody can guarantee that those sources of binary blobs are safe.

If You absolutely need a newer version of some program, compile it from source.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

sirfer
Posts: 32
Joined: 2013-05-15 23:13
Location: Auckland, New Zealand
Has thanked: 14 times
Been thanked: 2 times

Re: How much do you trust Debian?

#48 Post by sirfer »

I don't necessarily trust Debian or GNU/Linux per se, I just like the way it works, like most computers used to work before MS came along and despoiled the ecosystem.

Windows makes me wanna take a hammer to my PC even though I only run it in VBox ... I'm just glad there are alternatives

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: How much do you trust Debian?

#49 Post by bester69 »

I trust Debian 100%.. I've realised apps are getting better and more stable as time goes by... you can feel it.. fewer crashes in apps like kdenlive, handbrake, all of them... my internet browser hasn't crashed again since I installed.. plasma desktop hasn't crashed once again since buster version, everything feels smooth and stable like a charm.. bullseye is a great, great distribution along plasma kde...

I HIGHLY RECOMMEND YOU this winner combination: BTRFS+DEBIAN STABLE+PLASMA KDE
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

Marie SWE
Posts: 241
Joined: 2021-04-06 22:14
Location: Sweden / Linköping
Has thanked: 7 times
Been thanked: 9 times

Re: How much do you trust Debian?

#50 Post by Marie SWE »

Interesting thread :D
I do not trust anything or anyone.. not even myself to 100% :oops:
No operating system is completely secure... if that existed, then everyone would use it and abandon everything else.

No system is more secure than the user himself.
If you take a Windows 2000 computer with a configured software firewall, turn it on and no one uses it.. then the computer is secure.
If you take the latest version of any linux distro .. turn it on and a user installs a virus/trojan/ransomware.. then the computer is compromised.

I only trust systems that I have a 100% understanding of how it works, how it does the different things and why it does things.
And as I (the user) am the weak link, I want to be able to monitor the system in real time so I can see if something happens that shouldn't happen: what processes are running, network activity, hard disk activity, etc.
And I always have a software firewall on each computer to have total control over which programs/processes are allowed outbound access. So if I do something stupid, like install a cool desktop gadget from a website (like evil gnome) or some ransomware, then it can't send data or spread in the network as that program doesn't have an applied outbound rule.

So at present time, I can make a win7(EOL) computer more secured than my Debian and LMDE computers. Why? Is it because win7 is more secure? Absolutely not. :shock:
It is just because I know windows systems and have 30+ years experience of microsoft OS and a sysadmin education (14 years old)... but I only have around 2 years active self-taught experience of linux systems.. and I can't expect to get the same amount of knowledge in only 2 years.. But I hope to get there with time, patience and stubbornness. I just love Debian.. Debian is my future. :mrgreen: :mrgreen: :mrgreen:
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.

Diesel330
Posts: 127
Joined: 2021-11-08 19:57
Location: Eastern Europe
Has thanked: 29 times
Been thanked: 16 times

Re: How much do you trust Debian?

#51 Post by Diesel330 »

I take your word but we are all together into it, if we screw up we screw up together

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#52 Post by LE_746F6D617A7A69 »

Marie SWE wrote: 2022-03-19 22:38 No operating system is completely secure... if that existed, then everyone would use it and abandon everything else.
Not really - many companies are using "some OS" of their choice only because they naively believe in paid support - which gives only an illusion of safety, not to mention that such support itself is a threat to production systems.
Marie SWE wrote: 2022-03-19 22:38 If you take a Windows 2000 computer with a configured software firewall, turn it on and no one uses it.. then the computer is secure.
:lol:
Really? W2K is not supported by any of the web browsers today -> Are You trying to tell that Microshit Internet Exploder v6.0 is safe? :lol:
Marie SWE wrote: 2022-03-19 22:38 I only trust systems that I have a 100% understanding of how it works,
(...)
So at present time, I can make a win7(EOL) computer more secured than my Debian and LMDE computers. Why? Is it because win7 is more secure? Absolutely not. :shock:
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education
You can't know how the Winblows works without reviewing its source code. Even Microshit doesn't know how their OS works - that's why almost every update results in regressions of some kind :lol:

... Why are You spamming this thread with such utter bullshits?
IMO Your post should be considered a spam - and deleted.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

Marie SWE
Posts: 241
Joined: 2021-04-06 22:14
Location: Sweden / Linköping
Has thanked: 7 times
Been thanked: 9 times

Re: How much do you trust Debian?

#53 Post by Marie SWE »

LE_746F6D617A7A69 wrote: 2022-03-22 21:25
Marie SWE wrote: 2022-03-19 22:38 No operating system is completely secure... if that existed, then everyone would use it and abandon everything else.
Not really - many companies are using "some OS" of their choice only because they naively believe in paid support - which gives only an illusion of safety, not to mention that such support itself is a threat to production systems.
Marie SWE wrote: 2022-03-19 22:38 If you take a Windows 2000 computer with a configured software firewall, turn it on and no one uses it.. then the computer is secure.
:lol:
Really? W2K is not supported by any of the web browsers today -> Are You trying to tell that Microshit Internet Exploder v6.0 is safe? :lol:
Marie SWE wrote: 2022-03-19 22:38 I only trust systems that I have a 100% understanding of how it works,
(...)
So at present time, I can make a win7(EOL) computer more secured than my Debian and LMDE computers. Why? Is it because win7 is more secure? Absolutely not. :shock:
It is just because I know windows systems and have 30+years experience of microsoft OS and a sysadmin education
You can't know how the Winblows works without reviewing its source code. Even Microshit doesn't know how their OS works - that's why almost every update results in regressions of some kind :lol:

... Why are You spamming this thread with such utter bullshits?
IMO Your post should be considered a spam - and deleted.
I just made a point.. (turn it on and no one uses it) and the next point was ( a user installs a virus/trojan/ransomware.. then the computer is compromised.)
The moral cake is, that it is the user that is the weak link in all systems, not the system itself. So Yes Debian is safe if the user doesn't do anything stupid.
And I never said anything about IE6... I said no one uses the computer. :wink: so that is, no one starts IE6 or any other programs that goes online
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#54 Post by LE_746F6D617A7A69 »

Marie SWE wrote: 2022-03-22 21:39 I just made a point.. (turn it on and no one uses it)
(...)
And I never said anything about IE6... I said no one uses the computer. :wink: so that is, no one starts IE6 or any other programs that goes online
You seem to be a clever person - but the above makes completely no sense - what's the use case then? ... and how it is different from using up-to-date OS?
Marie SWE wrote: 2022-03-22 21:39 ( a user installs a virus/trojan/ransomware.. then the computer is compromised.)
Today, MS Winblows, Boogle Bandroid, and idiotOS have built-in spying functionality - they are no different from old-fashioned trojans.
Debian by default does not contain any spying software (well, there is a popcon, but it's an opt-in)
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

Shamak
Posts: 147
Joined: 2018-04-14 00:33
Has thanked: 11 times
Been thanked: 8 times

Re: How much do you trust Debian?

#55 Post by Shamak »

I mostly trust Debian. The only reservation I have was produced by recent periods where chromium was not being updated. At first I thought that the CVE's did not apply to Debian and it just wasn't being updated for the sake of stability. Then bug reports began to appear citing multiple vulnerabilities. And it still wasn't being updated. Thankfully, that problem seems to have been resolved but I still wonder about the possibility of this happening on packages where I am less aware of what's going on.

However it's worth saying that Ubuntu Thunderbird is stuck on 91.5.0 whereas the current release is 91.7.0. There was an important update to 91.6.2 that fixed a couple of zero day exploits.
Security Vulnerabilities fixed in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0

Announced: March 5, 2022
Impact: high
Products: Firefox, Firefox ESR, Firefox for Android, Focus, Thunderbird
Fixed in: Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3, Focus 97.3, Thunderbird 91.6.2

CVE-2022-26485: Use-after-free in XSLT parameter processing
Reporter: Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact: critical
Description: Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw.
References: Bug 1758062

CVE-2022-26486: Use-after-free in WebGPU IPC Framework
Reporter: Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA
Impact: critical
Description: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
References: Bug 1758070
https://www.mozilla.org/en-US/security/ ... sa2022-09/

As far as I can tell (though I'm no expert) Thunderbird is just as affected by these vulnerabilities as Firefox is. What makes this different than the Debian chromium situation is that that was a single maintainer that wasn't updating Chromium. But Ubuntu Thunderbird is in the "main" repository (when I checked on the Ubuntu live usb) which my understanding is that it's maintained by Canonical itself. This just seems to me to be beyond the pale for Canonical itself allowing zero day exploits to be part of Thunderbird. But I don't understand everything so maybe I'm missing something. But that concerns me.

Debian updated to 91.6.2 on March 8, three days after the March 5 release of 91.6.2.
Version 91.6.2, first offered to channel users on March 5, 2022
https://www.thunderbird.net/en-US/thund ... easenotes/
[2022-03-08] Accepted thunderbird 1:91.6.2-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Carsten Schoenert)
https://tracker.debian.org/pkg/thunderbird

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#56 Post by LE_746F6D617A7A69 »

I'm watching the CVE's very carefully - the thing is, that CVE database is only providing "hints" - to analyse the threat, You have to understand the code and try to execute the POC example.
The "use after free" CVE's vulnerabilities are extremely hard to use outside of laboratory -> in our world the safety of computers is foremost a business ;)

F.e. the "Dirty pipe" (CVE-2022-0847) has been rated as "critical", but it's a local privilege escalation case - it can't be used without preparing the system for the attack.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

Marie SWE
Posts: 241
Joined: 2021-04-06 22:14
Location: Sweden / Linköping
Has thanked: 7 times
Been thanked: 9 times

Re: How much do you trust Debian?

#57 Post by Marie SWE »

LE_746F6D617A7A69 wrote: 2022-03-22 22:17
Marie SWE wrote: 2022-03-22 21:39 I just made a point.. (turn it on and no one uses it)
(...)
And I never said anything about IE6... I said no one uses the computer. :wink: so that is, no one starts IE6 or any other programs that goes online
You seem to be a clever person - but the above makes completely no sense - what's the use case then? ... and how it is different from using up-to-date OS?
If you have a computer behind a firewall that is totally blocked for incoming traffic, and no one does something stupid, it can't get accessed from the outside, updated or not. EDIT (you also need outbound rules and block by default to stop unwanted outgoing traffic (calling home (example win-Logitech mousepad)))
How did Linux computers get infected by EvilGnome? https://thehackernews.com/2019/07/linux ... yware.html
The answer is, it had to be installed by the user. The system wasn't the problem, the user was. Do you see my point now?
LE_746F6D617A7A69 wrote: 2022-03-22 22:17
Marie SWE wrote: 2022-03-22 21:39 ( a user installs a virus/trojan/ransomware.. then the computer is compromised.)
Today, MS Winblows, Boogle Bandroid, and idiotOS have built-in spying functionality - they are no different from old-fashioned trojans.
Debian by default does not contain any spying software (well, there is a popcon, but it's an opt-in)
I don't want it to become a windows discussion on a Linux debian forums, so if you want more details we can take that by PM.
Short answer: yes, win10 is called win10spyware and if it wasn't for EULA, every court in the world would have a law class action against microsoft as a spyware company.. and some countries do. And then all antivirus companies in the world would blacklist windows as a virus..
The biggest problem with win10+11 is, it is a rolling release, it's hard to rip out all the spyware as it gets installed again with next rollup. In win xp, vista, 7 and 8 it is possible to rip it out and it stays out if you watch out what updates to install or not. (and you break some functions when you rip out the spyware in 10 and 11)
The look on 8, 10, 11 and the rolling release of 10+11 was the main reason that I abandoned wincrap... so never-ever-ever winblows for me again.. it's totally crap from the ground up.
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: How much do you trust Debian?

#58 Post by LE_746F6D617A7A69 »

Marie SWE wrote: 2022-03-22 23:30 If you have a computer behind a firewall that is totally blocked for incoming traffic, and no one does something stupid, it can't get accessed from the outside, updated or not.
Really? You have 14 years of experience as a Winblows admin?
Windows itself creates outgoing connections to WindowsUpdate servers, and those addresses can be spoofed -> in fact, this still works with win10 ;)
Marie SWE wrote: 2022-03-22 23:30 I don't want it to become a windows discussion on a Linux debian forums, so if you want more details we can take that by PM.
Hmm, it's You who have started spamming this thread with unrelated bullshits about how it is safe to use a 22 years old Microshit systems ...

Good night.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

Marie SWE
Posts: 241
Joined: 2021-04-06 22:14
Location: Sweden / Linköping
Has thanked: 7 times
Been thanked: 9 times

Re: How much do you trust Debian?

#59 Post by Marie SWE »

LE_746F6D617A7A69 wrote: 2022-03-22 23:53
Marie SWE wrote: 2022-03-22 23:30 If you have a computer behind a firewall that is totally blocked for incoming traffic, and no one does something stupid, it can't get accessed from the outside, updated or not.
Really? You have 14 years of experience as a Winblows admin?
Windows itself creates outgoing connections to WindowsUpdate servers, and those addresses can be spoofed -> in fact, this still works with win10 ;)
Marie SWE wrote: 2022-03-22 23:30 I don't want it to become a windows discussion on a Linux debian forums, so if you want more details we can take that by PM.
Hmm, it's You who have started spamming this thread with unrelated bullshits about how it is safe to use a 22 years old Microshit systems ...

Good night.
And how should win update call out if you have stopped it?
you need to plug the problems to get wincrap secured in the first place. When i used windows i installed all updates offline
as for win10 i did say (you break some functions when you rip out the spyware in 10 and 11) that is example. search, winupdates, camera, store etc
no i only worked with custom installs between 1999-2008 back to school 2008-2013 and then again worked network and win systems 2013-2020
i wrote that in my thread you posted in.

where was I writing it was safe to use a 22year old windows computer.. quote that and highlight that statement. Read again please.
Why make things complicated in life, if you can make it easier for yourself... Do it. ;o)
You only have one life, so make the most of it and enjoy it while you can.

Shamak
Posts: 147
Joined: 2018-04-14 00:33
Has thanked: 11 times
Been thanked: 8 times

Re: How much do you trust Debian?

#60 Post by Shamak »

LE_746F6D617A7A69 wrote: 2022-03-22 23:22 I'm watching the CVE's very carefully
Good to know. :)
- the thing is, that CVE database is only providing "hints" - to analyse the threat, You have to understand the code and try to execute the POC example.
The "use after free" CVE's vulnerabilities are extremely hard to use outside of laboratory -> in our world the safety of computers is foremost a business ;)

F.e. the "Dirty pipe" (CVE-2022-0847) has been rated as "critical", but it's a local privilege escalation case - it can't be used without preparing the system for the attack.
Interesting. I had heard that some exploits may be serious in their outcome (allowing remote code execution) but are difficult to carry out. So now I'm not looking down on Canonical so much lol. Except they have had attacks in the wild....
in our world the safety of computers is foremost a business ;)
Ha, ha!
