| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Students uncover dozens of Unix software flaws | |
|
||
| Time: 02:36 EST/07:36 GMT | News Source: CNET | Posted By: Robert Stein | ||
|
Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online. The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate level course at the University of Illinois at Chicago. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
5:07:32 AM
ET.
Any comment problems? E-mail us |
| #1 By 1401 (69.40.42.177) at 12/16/2004 8:32:51 AM |
| NOOO!!! It's impossible! Flaws in Unix! Can't be - only Windows has flaws... |
| #2 By 2960 (156.80.64.153) at 12/16/2004 8:52:44 AM |
| Let's turn em' loose on Windows :) |
| #3 By 2332 (66.92.78.189) at 12/16/2004 9:08:09 AM |
| I find it interesting that these flaws, which were so easily found by a bunch of students, have survived so long in the wild under the scrutiny of the "many eyes" of the open source movement. |
| #4 By 16451 (65.19.16.196) at 12/16/2004 9:25:05 AM |
|
>>> these flaws, which were so easily found by a bunch of students
Actually, if you lower yourself to read the source article, you would see that those flaws were not that easy to find, as evidenced by most of the class failing. The real situation is that a class of 25 were tasked to find and exploit 10 flaws each during the term of the course. The group fell considerably short of this; only 44 flaws were found out of the target 250. |
| #5 By 2231 (68.100.199.62) at 12/16/2004 9:26:37 AM |
| RTFA. The flaws were not in Unix, but in Unix based applications. Calling them Unix flaws is specious. |
| #6 By 3653 (63.162.177.143) at 12/16/2004 11:07:25 AM |
|
RH7.3 - "flaws were not that easy to find" "only 44 flaws were found"
Dude, the "target" is irrelevent. FOURTY FOUR can not be prefaced with the word "only". And they were not difficult to find... as they were STUDENTS. |
| #7 By 13797 (206.194.127.111) at 12/16/2004 12:36:28 PM |
|
mooresa56: Right, because these graduate students are beginners taking their first class in C++.
These are students who are working on their Master's degrees, most of them probably looking for jobs as professional programmers after they finish. In addition, many of the apps listed are fairly obscure. How many people really use the BSB image format, or ABC or HPGL files? The upside to all of this is that the opportunity was there for the students to find the flaws. The downside is that they have no way to compare it to most commercial software, so your dismissal of the use of the word "only" is naive at best, and flaming at worst. It's possible that, were they to look at Windows software, they might find only a dozen flaws, or they might find hundreds or thousands. There's no way to compare because there's no scale. Parkker: So is closed-source in some cases. Internet Explorer 6 is the subject of 74 advisories, Opera has 33, and Firefox 4. Of these, Firefox and Opera each have three outstanding, and IE has 20 outstanding, including four rated High Risk, one of which was reported in August 2003. Note that in all three cases, one of the listed vulnerabilities is the newly-discovered content spoofing attack Secunia reported on recently, but it is listed as a Moderate Risk. The remaining entries for Firefox and Opera are listed as Low or Moderate Risk. |
| #8 By 13797 (206.194.127.111) at 12/16/2004 5:41:24 PM |
|
The total number of Secunia advisories for all versions of Mozilla, Firefox, and Netscape using the post-Netscape 4 codebase is 35, when accounting for those that cross multiple versions and products. Yes, I checked all of the entries, and compared all of the SA numbers. IE6SP2 still has ten open vulnerabilities (12321, 12806, 12889, 13124, 13156, 13203, 13317, 13251, 13404, and 13482). You're trying to pick one particular revision of IE to counterbalance the entire history of the Mozilla project, and it's not working. I haven't been fooled by anything.
You're a walking dictionary of logical fallacies. Exclusion, straw man, composition, popularity, attacking the person, slothful induction... and those are just the ones on the surface. By the way, I use Windows on a daily basis in my job as a network engineer on a 14,000-user network. My job revolves around Windows. I'm reasonably good at Linux, but it's not my core skillset. In contrast to most of my peers, I still see a mixed network as the actual best solution. I have my preference of brand for servers, which is not the same preference I have for desktops, which is not the same preference that I have for notebooks. In all three cases, though, I'm not tied to that brand by some blind loyalty, and will accept something new if it is demonstrably better. I still would like to see five top Windows techs and five top Linux techs be given the same hardware to set up networks for 10, 100, 1000, and 10,000 people (with workstation traffic simulations). Neither side seems to want to do that, even though it's the only way to really point out the strengths and weaknesses in the platforms. Everyone chooses some specific point on which to compete, instead of the overall best, which makes sense at the low end -- you can't expect one person or even a group of people to be able to afford what it takes to do this -- but everyone at the high end is worried about losing business if the other side proves to be better. |
| #9 By 13797 (69.166.212.242) at 12/17/2004 12:38:19 AM |
|
I used no insults. I simply pointed out the logical fallacies which I've witnessed you using.
And when I pointed out the error in your position on IE6SP2, you then retreated to pointing out that all of the browsers have vulnerabilities yet to be discovered. In my initial post, I mentioned the three dominant browsers. It wasn't dishonest, but perhaps it wasn't the proper scale (and I did use only IE6, not "the whole history of IE" which has IE 5 and 5.5 to consider), and you challenged me on that point. When I then did deliver the scale for which you asked (all of the Mozilla codebase history against IE6), you still came down on the losing end of the debate over browser flaws. Your only recourse was to attempt to isolate your point by using IE6SP2 against the entire Mozilla codebase -- and yet again you found yourself in a corner with your assertions which appear to have little research backing them. Finally, I'll ask that you please stop attributing words to me. I never once called them "hard core" programmers. I only said that they would likely seek jobs as professional programmers after graduation. I can only attribute your second mention of it to a need to somehow prove yourself. You're free to use insults, I suppose, and I'll just use researched facts, and we'll let the crowd decide who has the better argument. |
| #10 By 16451 (65.19.17.153) at 12/18/2004 5:51:52 PM |
|
#25 >>> I hear PHP is riddled with security problems as well. Arguably the most critical vulnerability is in a function used to compact data for storage.
Oh no, a bug in the pack function. Now there's a function that you use use dozens of times on every web page... |
|
Write Comment
Return to News |
Displaying 1 through 25 of 156 Last | Next |
The time now is
5:07:32 AM
ET.
Any comment problems? E-mail us |
