It's of some interest in that it was a post from a new user and in a thread that hadn't been posted to for four years.
LOL I wonder if there's any reason why someone would be spear-phishing a user on on this site?
Actually, I'm more into coincidences than I am into conspiracies.
I find it weird that the program hasn't been updated in a while. So, if there is a problem with atop (which I do have installed) then I'd be a bit surprised to see that it has managed to survive this long without being noticed by anyone.
However, the person who is giving said warnings is a very reputable person.
So, if it's an older exploit in the code, it'd be a bit late to try using it - especially after this warning has been issued.
I think it's important to remember that Linux has security issues like these. This software is not always vetted as well as it could be and bad actors know how to infiltrate projects. As we don't have the more robust anti-virus offerings, this wouldn't even trigger the AV options we do have as there's no known signature for it. We don't have anything like heuristic analysis tools to scan entire repositories, or new code when it works its way downstream. Some Windows AV is robust and there's a chance that it'd be spotted (and stopped) based on the behavior of the application.
This doesn't mean that Linux is woefully insecure, it just means that there are entry points for bad actors. However, it's also open source, meaning someone's eventually going to look at the code. The saying is, "Many eyes make all bugs shallow." And that includes security-related bugs and bugs place there intentionally.
I'm not the type to immediately jump to the idea that something is some sort of conspiracy, but I do find it unusual that the user would reply to an old thread just a day before this comes out in the tech news. It's a weird coincidence but it doesn't make me immediately think it's some sort of grand conspiracy.
I'm not seeing much out there at HN or Slashdot.
I've been 'out of the office' for a good chunk of today, but I'll definitely keep my eyes out for more information. We'll have to see more reporting on the matter.
www.theregister.com
