
Reliably compromising Ubuntu desktops by attacking the crash reporter - belltaco
https://donncha.is/2016/12/compromising-ubuntu-desktop/
======
woliveirajr
> The computer security industry has a serious conflict of interest right now.
> There is major financial motivation for researchers to find and disclose
> vulnerability to exploit brokers (...)

> To improve security for everyone we need to find sustainable ways to
> incentivize researchers to find and disclose issues and to get bugs fixed.
> We can’t and we shouldn’t rely on researchers giving away their work for
> free to for-profit vendors.

This. Despite that being said (using other words) in some other blogs and
reports, this is the main point of bug haunting. People have to eat and live,
in the end of the day, and when the dark side pays much more that the brighter
one, it's hard to defend that only responsible disclosures will happen.
Because, well, it won't work like that.

------
c8g
I heard linux is secured!! Should I (we) stop using gui to be secured?

~~~
supercoder
The desktop is pretty insecure whatever OS you use.

If you want a secure platform iOS is your best bet

~~~
DyslexicAtheist
I agree.

Also for server security, vendor bloat is as much a problem for Linux as it
was for Microsoft (since always). Microsoft went through decades[1] of
ridicule which resulted into immense internal pressure to improve security.

When you compare major linux distros now (and look at the lkml or other open
source communities) then Linux hasn't changed much since the 90ies. It's still
full of people who are almost religious when it comes to accepting that just
because a system is open source doesn't automatically make it more secure.

Monolothic kernel with containers? anyone who has the luxury of starting new
(Like Linus in the 90ies) would point the finger and laugh. Some people laugh
now, but nobody hears them because we already have this cool thing called
linux so why would you re-invent the wheel ...? (so seems the logic towards
anyone who questions the design) ... If you say Linux is less secure than
Microsoft or Apple you must be a troll (is the answer to most who dare to say
apple / microsoft are more secure than Linux)

[1] [http://trustworthycomputing.com](http://trustworthycomputing.com)

~~~
DyslexicAtheist
QubesOS FTW!

------
BuuQu9hu
Very interesting conclusion on this post.

