Open Source does not equal secure, chapter++

Some reminders of security holes in open source software:

Debian-Ubuntu Key Generation Flaw of 2006-2008

That was a huge flaw that went unnoticed and introduced serious vulnerabilities into countless systems. The code was sitting there for everyone to see, but for almost two years nobody looked at it and understood what it meant (don’t quote me on the timeline).

OpenSSL

OpenSSL is secure, but it has had to patch a number of security vulnerabilities over the years. Note this case: this is code that has always been open, is developed by cryptographers, and is FIPS 140-2 validated.

DNS

Dan Kaminsky’s DNS flaw is a case of a protocol flaw: correct implementations of the protocol had a catastrophic security flaw. I want to highlight that Kaminsky did an excellent job of responding to the bug when it was discovered. I recommend you read Kaminsky’s thoughts, written after the aftermath of the flaw had run its course.