Critical Security Hole in Linux Wi-Fi

thisispurefud writes "A flaw has been found in a major Linux Wi-Fi driver that can allow an attacker to run malicious code and take control of a laptop, even when it is not on a Wi-Fi network."

Linux Wi-Fi? What Linux Wi-Fi?

[Anonymous Coward]

A bug in Linux Wi-Fi doesn't matter. No one can get the fucking thing to work anyway.

Complex Hack

[dekkerdreyer]

Luckily this hack isn't for the ordinary Linux user. The hack requires WPA encryption to be activated. As anyone who uses Linux knows, WPA requires recompiling the kernel, compiling wireless tools, compiling wpasupplicant, recompiling both when you find that the default configuration for wpasupplicant is to not use WPA (wtf?), and finally modifying a handful of cryptic configuration files. Once that's done, WPA is still not likely to work with a particular kernel, hardware, and wireless card combination.

Once again, Linux is safe from such a common attack because only seven people have successfully set up WPA. If this had been a Windows flaw, where every machine natively understands WPA and no work at the command prompt is needed, this would be disastrous.

This shows that Linux has been taking the right stand. By making the machine difficult to get running, it's unlikely that the machine will be able to connect to anything and become infected. Windows made the mistake of making the machine easy to use, allowing for simply network connection and ease of ownership (OWN3D).

Tag..

[Anonymous Coward]

DefectiveByDesign? Oh wait ... wrong OS.

Re:In other news..

[Nezer]

In a way, the consumer is to blame for this.

Hmm... And here I am thinking the developers should take the blame for bugs.

Thanks for clearing this up. ;-)

What!?

[jav1231]

Wait! Someone got WiFi to work in Linux!?
Okay, easy...just saying this is one area that's always been behind in Linux.

Re:Freedom matters.

[The Bungi]

That's because you have not gotten your head around the fact that peer review makes for better code.

What part of "the flaw was in the open portion of the driver" did you manage to miss?

Re:Fixed Dec 15th on my box

[Kjella]

Slashdot: Last year's news for nerds, stuff that mattered

Re:There's more to the world than Microsoft.

[univgeek]

And when you figure out a better way to write drivers, do let the rest of us know.

Not being sarcastic here, but when you need to deal with bare metal is there any alternative?

Can any managed-memory code be used for drivers?