open source security flaw

Where Penguins and Daemons chill together in the warmth of the Sun.

Moderators: SecretSquirrel, notfred

Posted on Mon May 26, 2008 7:12 am

This article (and its comments) is pretty interesting.
http://www.dailytech.com/article.aspx?newsid=11869
Fighterpilot
Minister of Gerbil Affairs
 
Posts: 2420
Joined: Wed Jun 29, 2005 5:29 am
Location: your girlfriend's bedroom...

Re: open source security flaw

Posted on Mon May 26, 2008 7:28 am

Yeah, this has been a gigantic cockup. I've spent several hours installing the patches and regenerating keys; very time-consuming and very annoying.
Fernando!
Your mother ate my dog!
cheesyking
Minister of Gerbil Affairs
 
Posts: 2281
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)

Re: open source security flaw

Posted on Mon May 26, 2008 8:25 am

Several programmers should have to look over code before it gets put in any official release. The error was ridiculous. You can't just comment out code because it causes you problems, least of all when it's part of an important security module. I smell sabotage.

On the bright side, the problem had been fixed by the time the press got a hold of it, which is pretty good. I suppose I should boot into Ubuntu and update now.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
FireGryphon
Darth Gerbil
Gold subscriber
 
 
Posts: 7357
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: open source security flaw

Posted on Mon May 26, 2008 8:55 pm

Yup, this is a serious black eye for the Debian team, which (until now) had a pretty good track record on security issues.

We found and replaced a couple of "bad" keys on a Debian server we recently set up where I work. Fortunately, none of the affected services were exposed outside our workgroup before the flaw was discovered, so we should be in the clear.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37966
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: open source security flaw

Posted on Mon May 26, 2008 9:08 pm

FireGryphon wrote: Several programmers should have to look over code before it gets put in any official release.


"Looks Good" is not a code review
Last edited by notfred on Tue May 27, 2008 9:48 am, edited 1 time in total.
Reason: See rule 3 about posting images
UberGerbil
Gerbil Khan
 
Posts: 9998
Joined: Thu Jun 19, 2003 3:11 pm

Re: open source security flaw

Posted on Mon May 26, 2008 9:48 pm

UberGerbil wrote: *an awesome t-shirt*


Put some Debian reference on that shirt and it's worth $20. :lol:
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
FireGryphon
Darth Gerbil
Gold subscriber
 
 
Posts: 7357
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

