Open Source: A False Sense of Security?
Over the last couple of years, as security vulnerability reports have piled up on products from such big vendors as Microsoft Corp., Oracle Corp. and Cisco Systems Inc., open-source advocates have snickered. If only those vendors would release their source code and let the open-source community at it, all their problems would go away, they said. And when the Code Red and Nimda worms chewed their way through hundreds of thousands of unpatched Microsoft Internet Information Services servers last year, Apache users sat back and smiled, believing nothing like that could happen to them.
Then it did.
In late July, researchers found several flaws in the OpenSSL tool kit, which is commonly used for secure transmissions on Apache servers. About six weeks later, someone released a worm called Slapper that exploited the vulnerability and not only installed a back door on each infected server but also turned machines using OpenSSL into a waiting army of zombies by dropping in a DDoS (distributed-denial-of-service) tool kit as well.
More at eWeek
- MS Buys Liquid Audio DRM Patents
- Via Licenses Bluetooth Technology
- Intel said to ship a million 845 SDRAM chipsets to ECS at cut-rate price
- Dell takes lead in lowering LCD monitor prices
- Clip-On Wi-Fi Captain Picard would be proud to use
- Lotus comes into its own, again
- Tyan launches dual-Xeon server board Tiger i7500
- AMD "Paper Launches" 2700+, 2800+ Athlon XP
- Sony Unveils DVD-RW Notebooks and DVD Software
- IBM Rolls Out Smallest Desktop PC
- Bugbear Virus Still Running Wild
- DataPlay temp shut down
- Dell expected to pick up outsourcing of networking products to Taiwan
- AMD cuts 3Q sales estimate by US$100 million
- Business 2.0 Publishes List Of Top 100 Fastest Growing Tech Companies
- Asus Releases New BIOS for P4T533 That Supports Jackson?
- Intel, AMD processor prices appear more stable in 4Q
- Earnings: Bright Spot For ATI
