Open-Source Security Comes Under Fire
eWeek | November 22, 2002 | Dennis Fisher
Posted on 11/25/2002 10:00:29 AM PST by Bush2000
Edited on 04/13/2004 2:58:57 AM PDT by Jim Robinson.
Thanks to several high-profile vulnerabilities and an overall increase in the number of flaws, open-source software has taken over Microsoft Corp.'s position at the bottom of the security heap. A recent research note from two analysts at the Aberdeen Group calls open-source software and Linux distributions the "2002 poster children for security problems." Of the 29 advisories issued through October by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, 16 of them addressed vulnerabilities in open-source or Linux products.
(Excerpt) Read more at eweek.com ...
TOPICS: Business/Economy; Technical
KEYWORDS: crapware; opensource
1 posted on 11/25/2002 10:00:29 AM PST by Bush2000
To: All
ABMers, your emperor is wearing no clothes. Enjoy.
2 posted on 11/25/2002 10:00:59 AM PST by Bush2000
To: Bush2000
I knew this was your post before I clicked on it. I can't seem to find anything in this post related to the purpose of this site:
"We're working to roll back decades of governmental largesse, to root out political fraud and corruption, and to champion causes which further conservatism in America. And we always have fun doing it. Hoo-yah!"
But none of your posts ever seem to have anything to do with the purpose of this site.
The only reason you post these types of articles is to start conflicts here. You "troll" here on FreeRepublic, as you told me in one Freepmail recently.
NOTE: B2K only posts items like these to bring out other Freepers that he can argue with over his oddball and rather strange fixation on most anything non-Microsoft. Usually Linux. As in this case.
To: Bush2000
ABMers, your emperor is wearing no clothes. Enjoy.
I'm hardly ABM, but who was the company that just had a problem with 'Data Access Components', where part of the 'solution' to the problem is to:
What steps could I follow to prevent the control from being silently re-introduced onto my system? "The simplest way is to make sure you have no trusted publishers, including Microsoft"
See the MS02-065 security bulletin.
What happened to 'Trusted Computing'?
People; glass houses; just saying.
4 posted on 11/25/2002 10:21:19 AM PST by Lorenb420
To: Bush2000
Tee hee.....
5 posted on 11/25/2002 10:28:47 AM PST by TomServo
To: Bush2000
A possible reason for this is that virtually all of the routers and other front end products that bear the brunt of an attack all run Linux. None of them run Microsoft. Most of these devices are shipped with an embedded OS and are never updated.
From my experience, if you put a Windows box directly on the internet through a dial-up connection or a cable connection, it will not only be infected within an hour but it will be participating in the attack of other machines within an hour.
6 posted on 11/25/2002 10:30:16 AM PST by babygene
To: Bush2000
Now, if Bill Gates could just stop boring us to death with an endless parade of buttons and boxes, maybe he'd have something!
7 posted on 11/25/2002 10:58:43 AM PST by The Duke
To: Bush2000
Of the 29 advisories issued through October by the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, 16 of them addressed vulnerabilities in open-source or Linux products.
While this is true of CERT alerts, MS itself has issued, I believe, 35 security alerts this year alone on its products, let alone the CERT alerts. While no software is invulnerable, I think this article is a little misleading.
To: HamiltonJay
I think this article is my comments are a little misleading.
Fixed it for you.
9 posted on 11/25/2002 11:50:04 AM PST by Bush2000
To: Bush2000
Keep up the good fight Bush... I know dancing Steve appreciates it.
To: Bush2000
Ok guys - what is up with this article? You see, I actually WENT to the CERT site (www.cert.org/advisories/) to check on the vulnerabilities listed.
Looking at the 2002 list, I found:
Company/program (# of vulnerabilities)
Microsoft (5)
The next most common were:
CDE (3)
OpenSSL / OpenSSH (4)
How many did I find for Linux? NONE!
Also, if you actually READ into the Microsoft vulnerabilities, there are 16!!! not 5. You see, some of the vulnerabilities are so bad, they are simply listed as "multiple vulnerabilities in ...."
I wonder if the author actually did any research? From the looks of it - no. But please, don't take my word for it. Go to the site and check it out for yourself.
To: Bush2000
Gee, putting my source code out for all to see...
That is just about as smart as playing catch with nitroglycerine.
12 posted on 11/25/2002 12:41:12 PM PST by hchutch
To: hchutch
Gee, putting my source code out for all to see... That is just about as smart as playing catch with nitroglycerine.
Why? Is your code that bad?
To: ShadowAce
It doesn't matter how good or bad my code is - if it's out there, someone will find a way to mess it up.
The honest folks will advise me of that - but the nasty ones - the cybercriminals who make viruses, won't. Instead, they'll write stuff that will cause a royal mess.
14 posted on 11/25/2002 12:55:01 PM PST by hchutch
To: taxcontrol
I wonder if the author actually did any research? From the looks of it - no. But please, don't take my word for it. Go to the site and check it out for yourself.
The article is referring to components which ship with common Linux distributions. Look, every time Linux advocates want to sell your OS, you point to the components (Apache, etc) and talk about the value proposition. But when bugs are found in those components, you disclaim them as "not part of Linux". Sorry, but you can't have it both ways. The article is dead-on.
15 posted on 11/25/2002 12:55:24 PM PST by Bush2000
To: Bush2000
You know what, OpenSSL/OpenSSH can be installed for Windows as well. Should we count their vulnerabilities towards Windows as well?
To: taxcontrol
"Should we count their vulnerabilities towards Windows as well?"
Good point...
17 posted on 11/25/2002 2:05:31 PM PST by babygene
To: HamiltonJay
I think this article is a little misleading.
A little misleading? The "report" only cites the CERT advisories and doesn't even mention Bugtraq. The authors are a former "senior product marketing manager with a major systems supplier" and a former business/marketing consultant... neither with any systems security experience outside of Aberdeen.
This "report" is about worth the paper it's printed on.
To: taxcontrol
You know what, OpenSSL/OpenSSH can be installed for Windows as well. Should we count their vulnerabilities towards Windows as well?
OpenSSL/OpenSSH don't ship with Windows. But they DO ship with Red Hat Linux. Any more softballs? I've got a bat ready.
19 posted on 11/25/2002 2:40:48 PM PST by Bush2000
To: TechJunkYard
A little misleading? The "report" only cites the CERT advisories...
So what. The CERT advisories are a metric. And by that standard, it's readily provable that open source isn't any more secure than closed source.
This "report" is about worth the paper it's printed on.
Neither is your post.
20 posted on 11/25/2002 2:42:38 PM PST by Bush2000