Home

Open-Source Security Idiots

Submitted by srlinuxx on Thu, 05/15/2008 - 17:05.

Sometimes, people do such stupid things that words almost fail me. That’s the case with a Debian ‘improvement’ to OpenSSL that rendered this network security program next to useless in Debian, Ubuntu and other related Linux distributions.

OpenSSL is used to enable SSL (Secure Socket Layer) and TLS (Transport Layer Security) in Linux, Unix, Windows and many other operating systems. It also includes a general purpose cryptography library. OpenSSL is used not only in operating systems, but in numerous vital applications such as security for Apache Web servers, OpenVPN for virtual private networks, and in security appliances from companies like Check Point and Cisco.

Get the picture? OpenSSL isn’t just important, it’s vital, in network security. It’s quite possible that you’re running OpenSSL even if you don’t have a single Linux server within a mile of your company. It’s that widely used.

Now, OpenSSL itself is still fine. What’s anything but fine is any Linux, or Linux-powered device, that’s based on Debian Linux OpenSSL code from September 17th, 2006 until May 13, 2008.

What happened? This is where the idiot part comes in.

»

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Grumpy SJVN

Submitted by schestowitz on Fri, 05/16/2008 - 04:35.

It's very blunt (and true), but the use of the word "idiot" would hurt someone dearly.

»

It will hurt... who?!

Submitted by Béranger on Fri, 05/16/2008 - 06:48.

> the use of the word "idiot" would hurt someone dearly.

Who are you thinking of?

»

Make valgrind happy :-)

Submitted by schestowitz on Fri, 05/16/2008 - 09:16.

Make valgrind happy Smiling

»

SJVN is right to call them 'idiots'

Submitted by srlinuxx on Fri, 05/16/2008 - 04:55.

They have acted with upstream the wrong way. When you know they're complaining of Ubuntu for not sharing the bug fixes with them... you can now have a better definition for 'hypocrisy'.

SJVN is right to call them 'idiots', but they're even worse

»

Please Read These

Submitted by schestowitz on Sat, 05/17/2008 - 01:10.

I encourage you to read the comments in LT.

»

Administrators close doors on ethernet or internet ? Secured ?

Submitted by atang1 on Sat, 05/17/2008 - 04:14.

Security violated by peers are stopped by administrators. Ethernet and internet security hackers are easily stopped by administrators.

I disagree that each one of us should fix Linux operating system. Sudo never has peer or client hackers. Internet security is provided by firewalls and IP address detection and identification.

We can worry about all thing possible and probable; but hackers can not come thru synchronized(zero wait state jamming protection, already in IE6.0 update) atm data transmission(atomic clock time and date stamped packets restricted acceptance of allowable packet delivery time) thru cookie files. You have to break any applications in use and ctty the hdd or other storage devices. So far, internet is fairly secured with firewalls of two encryption keys(to and fro), and cookie file redirect protection(in Google toolbar).

»