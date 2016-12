New and old vulnerabilites reinforce the need to keep Linux current

Cybersecurity—or lack thereof—was a recurring theme in the tech news of 2016. When it came to Linux, there seemed to be vunlerability after vulnerability that could put users at risk. Every so often, a vulnerability gets a catchy name, like the Dirty COW vulnerability that was patched after being present in the Linux kernel for nine years.

The good thing about these vulnerabilities is that they are generally patched quickly after they are discovered. The problem is that users have to patch their kernels to realize the security benefits. For users of desktop Linux and system administrators, this is generally not a big deal, since knowing how to update the packages on a system is one of the basic skills a Linux user should know.

However, Internet of Things (IoT) devices are nototiously difficult for the end user to keep updated because of the lack of access to an interface that allows it. (After all, not everyone knows how to SSH or telnet into their security camera, say.) The DDoS attack on the DynDNS service was blamed partly on a botnet that propogated through unpatched and unprotected IoT devices. Fedora’s project leader Matthew Miller told World Beyond Windows in an interview that he had concerns about security in the IoT ecosystem.

The takeaway for desktop Linux users? Just because you use Linux does not mean you’re exempt from the need to keep your system current. This practice is often hammered into Windows users, but Linux users need to to be just as vigilant about installing security updates whenever available.