The Linux security spell is broken

The Linux community joins the rest of us schmucks in the sad security state as news breaks of massively infected Unix servers

I've been dipping into the coming-technology-overlord-no-more-freedom-apocalypse well quite a bit in recent weeks, so for a change, we'll leave that robot rabbit alone today. Instead, let's turn our attention to the mythical unicorn known as the totally secure Linux server.

But before we go there, I need to get this off my chest: Zuck, you unfathomable weirdo. Not a month since Google made my skin crawl with DeepMind, you drop 97-plus percent accurate facial recognition into social media and lob me DeepFace?! C'mon!! Why would you call it that? Did you lose a bet? Is it related to an unfortunate bout with high school acne? You're killing me here!

Whew. I think that's it. Now back to our regularly scheduled programming.

Linux: Another notch on a hacker's keyboard

Recently, security researchers at Irish think tank ESET uncovered what they're calling Operation Windigo, a Linux-capable backdoor Trojan that may have infected up to 25,000 Unix servers worldwide. Those, in turn, have been attacking up to 500,000 PCs -- like yours and mine -- on a daily basis since then. When discussing this with a reader via email, the quote came up: "You know it's bad when even Linux machines need to worry about security." I coughed up fine, aged scotch on that one -- I figured that readers of this column would know better. Speaking of, here it comes again ...

By Jove, the Turing prize and the Snowden Certificate for Creative Intel Gathering will surely be mine upon receipt of this revolutionary formula: DeepMind + DeepFace = DeepProbe. Let that one sink in.

According to ESET, Windigo isn't exploiting an undiscovered weakness in Linux or OpenSSH. This thing has to be manually installed, which means the wart-spouting troglodytes cracked the credentials of up to 25,000 servers, most likely remotely unless they've been faking their way into data centers worldwide wearing janitor uniforms and reading the passwords that were probably taped to each server bezel. Those admins, much like my poor reader who shall remain nameless, seem to be of the same mind: Linux is Unix as well as little-used, so we don't have to worry about serious security.

How are you supposedly fighting the NSA and moving invasive data mining forward in leaps and bounds simultaneously, Zuck? I'm going to write my own app and call it DeepCheeks, and I'll give you one guess what that'll let you recognize with 97 percent accuracy.

Linux accounts for more than 60 percent of servers worldwide, a figure first cited back in 2008. That's a lot of servers running a lot of mission-critical software, which completely invalidates the pipe dream that the bad guys are ignoring Linux in favor of the supposedly weaker and more numerous Windows Servers.
