Claranet looking for a new sysadmin
… or at least they should be.
I read earlier how Claranet (an ISP) became the first victim of the kernel bug disclosed a few days ago:
Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers’ index.html files with the hacker’s calling card.
The exploit was noticed at about 6pm on Tuesday.
Claranet said: “Malicious activity related to the vulnerability was detected on Claranet’s shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.”
To be fair to Linux here, this was patched hours after being disclosed, with source released at the very same time. Distribution vendors take more time to build their packages with the new code but this process is sped up logarithmically for security holes — Ubuntu, for example, had patched kernels out the next day.
So source code out there, new kernels available shortly after disclosure. Two days later, Claranet gets hacked. Their admins should have been all over this. I’m just a user and I knew about this just 4 hours after it came out.
On a different note, if you want a laugh, take a look at the nonsense going on in the Register’s comment thread for their posting on Claranet getting hacked. It’s amazing what people’ll say. One example:
With all you Linux fanbois harping on constantly about how secure your system is you tend to forget that believing your own bullshit compromises your systems.
Sigh. Competency would have avoided this.