Back in May, TechRepublic bloggers Chad Perrin (Security) and Vincent Danen (Linux) pretty thoroughly covered the Debian-based flaw concerning the OpenSSL vulnerability. Vincent showed you how to find and fix your weak keys, and Chad provided some additional methods to patch up any problems with cryptographic keys. Well, apparently not everyone heeded the security warning and applied the patches, because Phalanx 2 is on the loose.
According to the US Computer Emergency Readiness Team (US-CERT), attackers are using compromised SSH keys in a local kernel exploit to gain root access to the system.
…once attackers have control of the system, they install a Linux kernel rootkit called ‘phalanx2’. This steals more SSH keys, which are then sent to the intruders. (ZDNet UK)
ComputerWorld’s Steven J. Vaughan-Nichols is hopping mad in his post, “Linux security idiots,” in which he rails against Linux system administrators for being slackers and suggests a career in the fast-food industry.
…for attacks like phalanx2, where simply being aware of recent major security problems and updating systems would have stopped the assault in its tracks, there is no excuse.
Over at CNET’s Open Road blog, Matt Asay says it all in his headline, “Linux servers under the Phalanx gun: A problem with people, not code.” What is interesting in both Vaughan-Nichols’ and Asay’s posts is that the blame is placed squarely on those dumb old admins who didn’t patch correctly (not the flawed code), whereas — as at least one commenter pointed out in Asay’s blog — when a security flaw wreaks havoc on Windows-based systems, it’s all Microsoft’s fault and due to its inherent weakness, not just careless administrators. Is there a double standard at work here?