[Linux] KDE smokes MS in SSL bug fix

From: Orhan (drgunalan@gamebox.net)
Date: Wed 14 Aug 2002 - 01:11:19 EEST

• Next message: Mustafa Akgul: "[Linux] Postfix Whitepaper (fwd)"
• Previous message: a.kadir altan: "[Linux] Re: secure instant messanger?"
• Next in thread: Erkan Çevik: "[Linux] Postaci tmp directory"

KDE smokes MS in SSL bug fix
---------------------------------------
By Thomas C Greene in Washington
Posted: 13/08/2002 at 11:12 GMT

A serious flaw in SSL certificate handling reported by Mike Benham, affecting IE and Konqueror, has already been fixed by KDE's Waldo Bastian, we're pleased to mention.

The fix is available only in the CVS (Concurrent Versions System) tree at the moment, but KDE reckons it will have patched binaries available for its 3.0.3 version, available early next week. A patch for KDE 2.2.x is currently in the works.

As for Microsoft? According to Benham they haven't even replied to him yet. Apparently, real Trustworthy Computing takes an enormous amount of time.

Conversely, the speed with which the open source community jumps on security bugs and sorts them out is remarkable, and ought to be a solid selling point. Consider the nearly miraculous turnarounds by Mozilla.org on this bug, and this one. Consider a serious Apache bug fixed in less than 24 hours, though security sluts ISS shanked Apache.org with a premature-release publicity stunt.

SSL, we should point out, is one of the most important consumer security protocols in use on the Web. It's what makes your credit card transactions with pr0n sites appear safe. It's what persuades you that sensitive personal data which you entrust to a Web site is a secret between you and them. Only it's broken. Mozilla isn't affected; Opera (on Windows, at least) is fixed as of today; Konqueror will be fully patched by Monday or Tuesday, and IE is vulnerable and in Limbo while MS tries to figure out how to explain it to the teeming millions who trust their products, in preparation for eventually fixing it. But the spin comes first. That's the meaning of Trustworthy Computing.

Resource : http://www.theregister.co.uk/content/4/26653.html

-----------------------------------------------------------------------
Liste üyeliğiniz ile ilgili her türlü işlem için
http://liste.linux.org.tr adresindeki web arayüzünü kullanabilirsiniz.

Listeden çıkmak için: 'linux-request@linux.org.tr' adresine,
"Konu" kısmında "unsubscribe" yazan bir e-posta gönderiniz.
-----------------------------------------------------------------------

• Next message: Mustafa Akgul: "[Linux] Postfix Whitepaper (fwd)"
• Previous message: a.kadir altan: "[Linux] Re: secure instant messanger?"
• Next in thread: Erkan Çevik: "[Linux] Postaci tmp directory"