Feeds

KDE fixes SSL hole as MS dithers

Speed vs spin

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

New KDE binary RPMs have been released, as promised, with a fix for the SSL certificate vulnerability affecting Windows and Konqueror which we reported last week.

"KDE 3.0.3 primarily provides stability enhancements over KDE 3.0.2, which shipped in early July 2002, and also contains a security correction for SSL (Internet security) certificate handling," the organization says.

Also, a patch for KDE 2.2.2 is available for those who prefer not to upgrade their systems to KDE 3.

In the mean time, MS has decided to whitewash the affair and persuade users that the bug in their operating system is harmless, in flagrant disregard of the handy exploit code that's already been released.

Now it's fair to point out that fixing an application like Konqueror is a hell of a lot easier than fixing an operating system like Windows, and no doubt Redmond geeks are working around the clock to address this issue. Still, the open-source community consistently blows MS' doors off in getting on top of security holes, as we've observed on several past occasions. Fair enough; MS is a huge company with numerous products, and it's extravagant to expect them to respond with the speed of more compact organizations.

What's galling here is not the pace so much as the denial. As our readers know, a purloined private key and a bit of ARP spoofing will permit any junior hacker to grab a third party's SSL session. Yet MS refuses to warn its customers, but instead lulls them into a false sense of security. We're reminded of the Hotmail/Wallet hole discovered by Marc Slemko, over which MS was satisfied to leave millions of Passport customers at risk until the story was published. Only then did they grudgingly shut down the service briefly to fix it, while bitching about Slemko's decision to warn people about it.

It's moments like these that make us wonder how any Microserf can utter the words "Trustworthy Computing" with a straight face. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?