Software security is still a mess

Maybe it’s just a bad dream, but it seems like 2008 has been a year of serious security issues, which have the potential to cause major problems on the Internet.

First, there was the OpenSSL vulnterability, which seems to greatly affect Ubuntu Linux (there is exploit code in the wild)

Then the DNS cache poisoning vulnerability was disclosed on 7/8/2008. Most systems had patches available within 3 or 4 days. Microsoft’s fix for that broke many installations of the ZoneAlarm firewall on Windows.

The combined effects of these two vulnerabities are significant, you may not be able to verify you are connected to the correct web site, even if the SSL connection appears to be good.

Keep up with those patches, and remember:  Some user have even more basic problems


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: