
Linux servers under the Phalanx gun: A problem with people, not code

A new Linux exploit can only be resolved if server administrators take security seriously, which may be asking too much.

As The Register reports Wednesday, Linux servers are increasingly under attack from Phalanx2, a "self-injecting kernel rootkit designed for the Linux 2.6 branch that hides files, processes and sockets and includes tools for sniffing a tty program and connecting to it with a backdoor."

According to The Register:

The attacks appear to use stolen SSH keys to take hold of a targeted machine and then gain root access by exploiting weaknesses in the kernel. The attacks then install a rootkit known as Phalanx2, which scours the newly infected system for additional SSH keys. There's a viral aspect to this attack. As new SSH keys are stolen, new machines are potentially vulnerable to attack.

The U.S. Computer Emergency Readiness Team has recommended an approach to counteracting the risk, but this is where Linux (and Windows and Solaris and...) security meets reality: Linux may be inherently more secure as a system, but ultimately security is a question of process and people, not merely code.

Administrators must apply the patches. If Linux server administrators are anything like Oracle server administrators--65 percent of whom never install critical security patches--then Linux security will be as fallible as that of any other system. If IT administrators won't secure Linux, it won't be secured.

Much is made about security in open source, and often for good reason. But judging from the lack of chatter on the Web about the Phalanx attacks, I'm not optimistic that we're responding fast enough as a community to this new security breach.