CNET News.com: Security hole found in Borland databaseJan 12, 2001, 00:07 (8 Talkback[s])
(Other stories by Stephen Shankland)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"Borland's InterBase database software contains a "back door" that allows anyone with the appropriate password to wreak major havoc with the database and the computer it's running on, security experts said...."
"Borland acknowledged the back door and has begun releasing patches. The company has notified customers and sales partners and will begin shipping repaired versions this week, said Jon Arthur, director of the InterBase project for Borland. The problem exists in versions 4, 5 and 6 of InterBase...."
"The problem illustrates the double-edged sword of open-source software regarding security. On the good side is the fact that so many more programmers can scrutinize the software and find such problems--exactly what happened with InterBase. Many open-source advocates list this openness as a major advantage over closed, proprietary software such as the kind Microsoft distributes. Who knows what nefarious code lies within the millions of lines of Windows programming code, they ask."
"On the other hand, it can be easier for a malicious programmer to find vulnerabilities. This particular back door has existed since 1994, and nothing was preventing a malicious programmer from finding it in the last six months."
0 Talkback[s] (click to add your comment)