Personal computing discussed

Moderators: SecretSquirrel, notfred

 
Fighterpilot
Minister of Gerbil Affairs
Topic Author
Posts: 2420
Joined: Wed Jun 29, 2005 5:29 am
Location: your girlfriend's bedroom...

open source security flaw

Mon May 26, 2008 7:12 am

This article(and its comments) is pretty interesting.
http://www.dailytech.com/article.aspx?newsid=11869
 
cheesyking
Minister of Gerbil Affairs
Posts: 2546
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: open source security flaw

Mon May 26, 2008 7:28 am

Yeah this has been a gigantic cockup. I've spent several hours installing the patches and regenerating keys, very time consuming and very annoying.
Fernando!
Your mother ate my dog!
 
FireGryphon
Darth Gerbil
Posts: 7491
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: open source security flaw

Mon May 26, 2008 8:25 am

Several programmers should have to look over code before it gets put in any official release. The error was ridiculous. You can't just comment out code because it causes you problems, least of all when it's part of an important security module. I smell sabotage.

On the bright side, the problem had been fixed by the time the press got a hold of it, which is pretty good. I suppose I should boot into Ubuntu and update now.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
 
just brew it!
Gold subscriber
Administrator
Posts: 44612
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: open source security flaw

Mon May 26, 2008 8:55 pm

Yup, this is a serious black eye for the Debian team, which (until now) had a pretty good track record on security issues.

We found and replaced a couple of "bad" keys on a Debian server we recently set up where I work. Fortunately, none of the affected services were exposed outside our workgroup before the flaw was discovered, so we should be in the clear.
The years just pass like trains. I wave, but they don't slow down.
-- Steven Wilson
 
UberGerbil
Grand Admiral Gerbil
Posts: 10179
Joined: Thu Jun 19, 2003 3:11 pm

Re: open source security flaw

Mon May 26, 2008 9:08 pm

FireGryphon wrote:
Several programmers should have to look over code before it gets put in any official release.


"Looks Good" is not a code review
Last edited by notfred on Tue May 27, 2008 9:48 am, edited 1 time in total.
Reason: See rule 3 about posting images
 
FireGryphon
Darth Gerbil
Posts: 7491
Joined: Sat Apr 24, 2004 7:53 pm
Location: the abyss into which you gaze

Re: open source security flaw

Mon May 26, 2008 9:48 pm

UberGerbil wrote:
*an awesome t-shirt*


Put some Debian reference on that shirt and it's worth $20. :lol:
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III

Who is online

Users browsing this forum: No registered users and 1 guest