Linux & Windows HP Printing Services Vulnerability Patched
Posted on October 13, 2007
Filed Under Article, Alerts |
This breach and patch cycle brings to light an interesting issue in maintaining a secure setup. The security alert(a XSS vulnerability) was publicly issued on October 3rd, and the Ubuntu patch was pushed out on the 12th(it may take a day or two for you to see it). That’s at least a 9 day window, where the only real defense was to take either your browser off-line or your printing services off-line, and manually only run only one or the other at a time.
This is a remote code execution security breach, which makes it one of the worst types of security breach there is. Such breaches, turn remote access into local access and are just a short hop away from privilege escalation and you loosing control of your computer(often without you ever knowing about it). I know the common sentiment is that Linux boxes are not really targeted by hackers, but, you have to rid yourself of that sentiment and quickly. As it turns out, people who commit most digital crime prefer Linux boxes as either spoof web site hosts or command and control machines for botnets. As such, your Linux machines are actually more desired by the phishers and bot-herders than the rank and file Windows machines that make up the vast majority of botnets.
The arena of digital crime and digital warfare is heating up, and with your highly desired Linux machine it’s important to understand these security concerns and stay vigilant and on top of your systems security.
-John W
Comments
Leave a Reply