Feeds

KDE fixes SSL hole as MS dithers

Speed vs spin

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

New KDE binary RPMs have been released, as promised, with a fix for the SSL certificate vulnerability affecting Windows and Konqueror which we reported last week.

"KDE 3.0.3 primarily provides stability enhancements over KDE 3.0.2, which shipped in early July 2002, and also contains a security correction for SSL (Internet security) certificate handling," the organization says.

Also, a patch for KDE 2.2.2 is available for those who prefer not to upgrade their systems to KDE 3.

In the mean time, MS has decided to whitewash the affair and persuade users that the bug in their operating system is harmless, in flagrant disregard of the handy exploit code that's already been released.

Now it's fair to point out that fixing an application like Konqueror is a hell of a lot easier than fixing an operating system like Windows, and no doubt Redmond geeks are working around the clock to address this issue. Still, the open-source community consistently blows MS' doors off in getting on top of security holes, as we've observed on several past occasions. Fair enough; MS is a huge company with numerous products, and it's extravagant to expect them to respond with the speed of more compact organizations.

What's galling here is not the pace so much as the denial. As our readers know, a purloined private key and a bit of ARP spoofing will permit any junior hacker to grab a third party's SSL session. Yet MS refuses to warn its customers, but instead lulls them into a false sense of security. We're reminded of the Hotmail/Wallet hole discovered by Marc Slemko, over which MS was satisfied to leave millions of Passport customers at risk until the story was published. Only then did they grudgingly shut down the service briefly to fix it, while bitching about Slemko's decision to warn people about it.

It's moments like these that make us wonder how any Microserf can utter the words "Trustworthy Computing" with a straight face. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
'In... 15 feet... you will be HIT BY A TRAIN' Google patents the SPLAT-NAV
Alert system tips oblivious phone junkies to oncoming traffic
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
SMASH the Bash bug! Red Hat, Apple scramble for patch batches
'Applying multiple security updates is extremely difficult'
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.