Oh, the Who-manity: ‘Grinch’ security bug wreaks havoc on Linux

grinch security bug wreaks havoc on linux systems
A glitch called “Grinch” after the perennially loathed yet beloved Dr. Seuss cartoon character has recently been found laying low in the depths of Linux source code. It has the catastrophic potential to let bad guys to seize remote control of any and all devices based on the platform. Including Android mobiles, which at their core have Linux roots planted in their software.

By “remote control” IT network security provider Alert Logic means total, unrestricted command over any data stored on liable systems, plus the ability to install and execute trojans and other malware contents from a distance.

The way Grinch works is by allowing access to the su (aka super user) command, and letting unauthorized individuals manipulate the wheel group assigned by default to the legit admin of the system. This results in privilege escalation which ultimately gives the attacker full access to all system functions.

That sounds a lot like Shellshock’s mischievous capacity. However, according to Stephen Coty, Alert Logic’s Chief Security Evangelist, Linux admins and users can dodge attacks and remove all risk by implementing stronger methods of authentication and authorization.

Users can do this through PolKit, a policy management tool in Linux. To be frank, the settings users need to change to thwart to the Grinch are a bit over our heads, so we recommend you check out this recently broadcasted webinar about the “Grinch” flaw.

If you take authorization one step forward, and switch the default wheel assignment, you should stay clear of the green baddie with a heart two sizes too small, and enjoy your holidays in peace. Probably. Most likely. Hopefully.

Features

Exclusive: The Surface Hub 2S will revolutionize work. Here’s how it was made

Exclusive interviews with the designers, futurists, and visionaries behind the Surface Hub 2 paint a dramatic picture of how Microsoft thinks collaboration will change your office.
Gaming

10 Nintendo Switch tips and tricks to get the most out of your hybrid console

Have a new Nintendo Switch? Awesome! It's a great console from the moment you turn it on, but owners can make it even better by using a few simple tips and tricks. Here's what every Switch owner should know.
Gaming

Get in control with some of the best Xbox One gamepads you can get right now

A number of different controllers are available on the Xbox One, from gamepads made by Microsoft, to third-party controllers loaded with special features. Here are the best you can buy.
Computing

Microsoft reveals details of Surface Hub 2S, coming in June at $9,000

The Surface Hub 2 could be the most expensive whiteboard ever made, but it should be a powerful and capable one. With the ability to connect several of the 50-inch displays together, the picture at least, should be gorgeous.
Trash

Control is within your grasp with one of our favorite universal remotes

Get ready to simplify your home. Our top choices for the best universal remotes let you easily control your Blu-ray player, DVR, TV, A/V receiver, or any other device you may have tucked in your media hub.
Product Review

You won't buy Microsoft's Surface Hub 2S, but it could still change your life

The Microsoft Surface Hub 2S wants to change the way you collaborate at work. That’s a lofty goal most devices fail to achieve, but the unique Hub 2S could be an exception. And trust us – you’re going to want it.
Emerging Tech

How emotion-tracking A.I. will change computing as we know it

Affectiva is just one of the startups working to create emotion-tracking A.I. that can work out how you're feeling. Here's why this could change the face of computing as we know it.
Computing

Meet the mastermind behind Microsoft's massive new Surface Hub

Microsoft Chief Product Officer Panos Panay gives us an exclusive peek at the 85-inch Surface Hub 2, and explains how innovation and collaboration will transform your workplace.
Computing

Report says 20% of all 2018 web traffic came from bad bots

Distil Networks published its annual Bad Bot Report this week and announced that 20% of all web traffic in 2018 came from bad bots. The report had other similarly surprising findings regarding the state of bots as well.
Gaming

Learn to uninstall a Steam game and clear some space on your PC

Looking to learn how to uninstall Steam games? You've come to the right place. In this guide, we walk you through the process step by step, whether you want Steam to do it for you or handle the process manually.
Deals

Amazon strikes $100 off the price of Microsoft Surface Go tablets

If you've been eyeing Microsoft's Surface Go for its compact size and portability, now may be a great time to buy the tablet. Amazon has a $100 discount on the Surface Go, bringing the price of this slate down to just under $400.
Photography

Sweet 16: Wacom’s Cintiq 16 pen display makes retouching photos a breeze

Wacom’s Cintiq pen displays are usually reserved for the pros (or wealthy enthusiasts), but the new Cintiq 16 brings screen and stylus editing to an approachable price. Does it cut too much to get there?
Computing

Mueller report releases on CD, forces Congress to find PCs with disc drives

The Mueller report was released this week to Congress via CDs and congressional members had to find PCs with working disc drives to access the 400-page document. The redacted report was also released to the public on a website.
Gaming

Kick off your streaming career with our complete guide to Twitch broadcasting

Streaming games on Twitch for the first time can be daunting to say the least, but with a few simple steps, it's remarkably easy to do. Here's how to do so using a PC, Mac, Xbox One, or PlayStation 4 console.