“The outing of the advisories this weekend caused some
consternation in the security world, because the companies involved
didn’t have time to create patches for the problems before the
information became publicly known. When a security problem is found
in their products, software makers prefer to release the
information after a patch is available.“One advisory outlines a problem with a library originally
created by Sun Microsystems that is included in many Unix- and
Linux-based operating systems. A second advisory highlights an
issue in the Kerberos authentication system that could allow an
attacker to impersonate other users. The third advisory discusses a
specialized attack that could target servers using Secure Sockets
Layer and break the software’s encryption.“The CERT Coordination Center had been prepping the advisories
for publication. In an interview earlier this week, the
organization identified 50 different companies that had access to
all three advisories, and Sean Hernan, team leader for
vulnerability handling at the CERT Coordination Center, believed
one of the firms or one of the firms’ employees may have leaked the
information…”
CNET News: Hacker Says He Leaked Info on Unix Flaw
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis