beloved patriot in encryption armor discovered

r_manic

Administrator
An underlying flaw in the widely used encryption protocol Open Secure Shell (OpenSSH) has been made public by researchers from the Royal Holloway, University of London.

The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG).

Source

MrLinux

Distinguished
Dec 28, 2007
This is the big selling-point of Open Source; if it had been a Closed Source project, no one would have found the problem until AFTER it had been exploited.

linux_0

Splendid
MrLinux is right; most projects patch their code quickly.

Most closed source companies take years to patch problems if they ever patch them at all.

Besides when you have the source code you can fix the problem yourself, employ countermeasures or use different software.

I think this particular bug only affects Debian distros.

linux_0

Splendid
You can also get someone to patch the code for you, either for free or for a fee.

Some projects release workarounds or a temporary patch if they are unable to release a patch immediately.

The point is you have a bazillion options :)

With closed source and vendor lock-in you are at the mercy of the vendor. You have no way to audit the source code or anything like that. In most cases, if you attempt to patch closed source software, perform security testing or disclose vulnerabilities, you can end up getting in serious legal trouble.