eWEEK: Open Source: a False Sense of Security?
Oct 01, 2002, 22:00 (27 Talkback[s])
(Other stories by Dennis Fisher)
"Over the last couple of years, as security vulnerability
reports have piled up on products from such big vendors as
Microsoft Corp., Oracle Corp. and Cisco Systems Inc., open-source
advocates have snickered. If only those vendors would release their
source code and let the open-source community at it, all their
problems would go away, they said. And when the Code Red and Nimda
worms chewed their way through hundreds of thousands of unpatched
Microsoft Internet Information Services servers last year, Apache
users sat back and smiled, believing nothing like that could happen
"Then it did.
"In late July, researchers found several flaws in the OpenSSL
tool kit, which is commonly used for secure transmissions on Apache
servers. About six weeks later, someone released a worm called
Slapper that exploited the vulnerability and not only installed a
back door on each infected server but also turned machines using
OpenSSL into a waiting army of zombies by dropping in a DDoS
(distributed-denial-of-service) tool kit as well..."