Huge Hole in Open Source Software Found, Leaves Millions Vulnerable

jmke · 23rd May 2008, 22:39

For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.

Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.

http://www.dailytech.com/Huge+Hole+i...ticle11869.htm

jmke · 23rd May 2008, 22:40

Quote:

Be careful. This whole article implies that the problem is more widespread than it really is.

Only distributions (like Ubuntu) that use the Debian repositories were affected. NONE of the commercial vendors and most of the other major distributions (RPM-based, source-based, etc.) are completely unaffected. This also only affects keys generated on Debian derivatives.

Further, Ubuntu is distributing with the updated OpenSSH packages a key blacklist and vulnerability assessment utility. Users who have bad keys are being notified at the time of update that their keys may be compromised.

Please don't imply any differently. The situation is under control.

...

23rd May 2008, 22:39	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	Huge Hole in Open Source Software Found, Leaves Millions Vulnerable For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day. Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error. http://www.dailytech.com/Huge+Hole+i...ticle11869.htm __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
AMD Accelerates Application Development with Inaugural Release of Open Source Perform	jmke	WebNews	0	20th February 2008 09:22
IBM snubs OS/2 open source plea	Shogun	WebNews	0	22nd January 2008 21:12
20 Open Source Windows Apps For You	jmke	WebNews	1	9th September 2007 15:55
Huge Security Hole Found in Symantec Antivirus Software	jmke	WebNews	0	27th May 2006 14:42
Catalyst® Software Suite 6.2	Sidney	WebNews	0	9th February 2006 20:13
How To Choose An Open Source CMS	jmke	WebNews	1	25th January 2006 18:21
Open source, open wallet	Sidney	WebNews	2	7th November 2005 15:53
Open Source Myths	jmke	WebNews	0	26th July 2004 12:00