http://arstechnica.com/information-technology/2015/01/heads-up-dear-leader-security-hole-found-in-north-koreas-home-grown-os/
By Sean Gallagher
Ars Technica
Jan 9, 2015
North Korea is a technological island in many ways. Almost all of the
country's "Internet" is run as a private network, with all connections to
the greater global Internet through a collection of proxies. And the
majority of the people of the Democratic People's Republic of Korea who
have access to that network rely on the country's official operating
system: a Linux variant called Red Star OS.
Red Star OS, first introduced in 2003, was originally derived from Red Hat
Linux. In theory, it gave North Korea an improved level of security
against outside attack—a Security Enhanced Linux operating system based on
Red Hat that could enforce strict government access controls on the few
who got to use it.
However, because Red Star has had so few people with access to it, one of
the ironic side effects has been that security holes in the operating
system may have gone undetected. And as a security researcher who tested
the latest release of Red Star's desktop version reported today, one flaw
in the system would allow any user to elevate their privileges to those of
the system's root account and bypass all those security policies put in
place by the North Korean regime.
Red Star OS Desktop 3.0, which recently found its way onto torrents and
various download sites as an .ISO image, is interesting for a number of
reasons, including its attempt to look like Apple's Mac OS X (earlier
versions of Red Star mimicked Windows' user interface).
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
