Can you show me anything in the article that anything about Firefox being hacked?
Clearly, the "more eyes creates better security" theory is blown to shreds for the vast number of open source projects.
A pretty bold claim based on a perl-based wiki module being hacked. All software has bugs. The debugging process is an ongoing thing. Pretty good proof of the ongoing nature of this process is the fact that even without source code, we still see regular hacks of IE, which is, in today's terms, pretty old and (allegedly) mature code. The open source model doesn't eliminate the possibility of defects, but it does make remediation quicker and more transparent for the most part. Some of us appreciate that.
Um...no, it doesn't.
The article clearly states "...attackers looking to exploit a bug in the TWiki collaboration software..."
So the hack was on the TWiki software...not Firefox.
Clearly, the "more eyes creates better security" theory is blown to shreds for the vast number of open source projects.
Please. Much bigger holes were blown in the "closed source is more secure" argument with the sheer volume of viruses, trojans and worms spewed by Micro$lop's malware.
You guys have to go out of your way to find isolated instances of security breaches. Me, I get hundreds of copies of Microsoft's incompetence in the form of worm-based attacks in my web logs and e-mail viruses in my inbox on a weekly basis.
That's quite an unsupported leap to take from the information posted in the article. Specifically:
"After the July attack, the Mozilla Foundation changed procedures to be sure that security fixes were applied to the Spread Firefox server software, but administrators overlooked the TWiki application, which was no longer being used, Schroepfer said. 'This one particular piece of software was an oversight and happened to not get updated,' he said."
So the crack of the web site in question involved exploiting a known and fixed bug, the patch for which hadn't been applied since the web site wasn't using the software.