Feeds

KDE fixes SSL hole as MS dithers

Speed vs spin

  • alert
  • submit to reddit

Designing a Defense for Mobile Applications

New KDE binary RPMs have been released, as promised, with a fix for the SSL certificate vulnerability affecting Windows and Konqueror which we reported last week.

"KDE 3.0.3 primarily provides stability enhancements over KDE 3.0.2, which shipped in early July 2002, and also contains a security correction for SSL (Internet security) certificate handling," the organization says.

Also, a patch for KDE 2.2.2 is available for those who prefer not to upgrade their systems to KDE 3.

In the mean time, MS has decided to whitewash the affair and persuade users that the bug in their operating system is harmless, in flagrant disregard of the handy exploit code that's already been released.

Now it's fair to point out that fixing an application like Konqueror is a hell of a lot easier than fixing an operating system like Windows, and no doubt Redmond geeks are working around the clock to address this issue. Still, the open-source community consistently blows MS' doors off in getting on top of security holes, as we've observed on several past occasions. Fair enough; MS is a huge company with numerous products, and it's extravagant to expect them to respond with the speed of more compact organizations.

What's galling here is not the pace so much as the denial. As our readers know, a purloined private key and a bit of ARP spoofing will permit any junior hacker to grab a third party's SSL session. Yet MS refuses to warn its customers, but instead lulls them into a false sense of security. We're reminded of the Hotmail/Wallet hole discovered by Marc Slemko, over which MS was satisfied to leave millions of Passport customers at risk until the story was published. Only then did they grudgingly shut down the service briefly to fix it, while bitching about Slemko's decision to warn people about it.

It's moments like these that make us wonder how any Microserf can utter the words "Trustworthy Computing" with a straight face. ®

Boost IT visibility and business value

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.