This article(and its comments) is pretty interesting.
http://www.dailytech.com/article.aspx?newsid=11869
open source security flaw
Moderators: SecretSquirrel, notfred
6 posts
• Page 1 of 1
open source security flaw
posted on Mon May 26, 2008 6:12 am
- Fighterpilot
- Minister of Gerbil Affairs
- Posts: 2398
- Joined: Wed Jun 29, 2005 4:29 am
- Location: your girlfriend's bedroom...
Re: open source security flaw
posted on Mon May 26, 2008 6:28 am
Yeah this has been a gigantic cockup. I've spent several hours installing the patches and regenerating keys, very time consuming and very annoying.
Fernando!
Your mother ate my dog!
Your mother ate my dog!
- cheesyking
- Minister of Gerbil Affairs
- Posts: 2178
- Joined: Sun Jan 25, 2004 6:52 am
- Location: That London (or so I'm told)
Re: open source security flaw
posted on Mon May 26, 2008 7:25 am
Several programmers should have to look over code before it gets put in any official release. The error was ridiculous. You can't just comment out code because it causes you problems, least of all when it's part of an important security module. I smell sabotage.
On the bright side, the problem had been fixed by the time the press got a hold of it, which is pretty good. I suppose I should boot into Ubuntu and update now.
On the bright side, the problem had been fixed by the time the press got a hold of it, which is pretty good. I suppose I should boot into Ubuntu and update now.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
- FireGryphon
- Darth Gerbil
- Posts: 7083
- Joined: Sat Apr 24, 2004 6:53 pm
- Location: the abyss into which you gaze
Re: open source security flaw
posted on Mon May 26, 2008 7:55 pm
Yup, this is a serious black eye for the Debian team, which (until now) had a pretty good track record on security issues.
We found and replaced a couple of "bad" keys on a Debian server we recently set up where I work. Fortunately, none of the affected services were exposed outside our workgroup before the flaw was discovered, so we should be in the clear.
We found and replaced a couple of "bad" keys on a Debian server we recently set up where I work. Fortunately, none of the affected services were exposed outside our workgroup before the flaw was discovered, so we should be in the clear.
(this space intentionally left blank)
- just brew it!
- Administrator
- Posts: 35174
- Joined: Tue Aug 20, 2002 9:51 pm
- Location: Somewhere, having a beer
Re: open source security flaw
posted on Mon May 26, 2008 8:08 pm
FireGryphon wrote:Several programmers should have to look over code before it gets put in any official release.
"Looks Good" is not a code review
Last edited by notfred on Tue May 27, 2008 8:48 am, edited 1 time in total.
Reason: See rule 3 about posting images
Reason: See rule 3 about posting images
- UberGerbil
- Gerbil Khan
- Posts: 9833
- Joined: Thu Jun 19, 2003 2:11 pm
Re: open source security flaw
posted on Mon May 26, 2008 8:48 pm
UberGerbil wrote:*an awesome t-shirt*
Put some Debian reference on that shirt and it's worth $20.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
- FireGryphon
- Darth Gerbil
- Posts: 7083
- Joined: Sat Apr 24, 2004 6:53 pm
- Location: the abyss into which you gaze
6 posts
• Page 1 of 1
Return to Linux, Unix, and Assorted Madness
Who is online
Users browsing this forum: No registered users and 1 guest
