“Reports began to appear April 14th of a apparently deliberate
back-door in a piece of Microsoft web software called FrontPage.
The reports specified that the back-door password was “Netscape
engineers are weenies!”. Open source advocates fell all over
themselves with glee. This was finally the big black eye they were
waiting to give Microsoft! Conclusive evidence that security
through obscurity does not work, and that open source software was
superior.
“…Of course the next day, after some background and fact
checking, it was revealed that the Microsoft back-door wasn’t as
bad as was originally reported. Further, ten days later a security
firm found a what could be considered a back door in Red Hat Linux.
Ironically, the bug was in a piece of web software. The security
advisory states, “The GUI portion of Piranha may allow any remote
attacker to execute commands on the server. This may lead to remote
compromise of the server, as well as exposure or defacement of the
website.”
“Wait a minute. Doesn’t Red Hat ‘theoretically’ stand behind the
code they ship? How could this back door have been inserted into
Open Source code? Didn’t Mr. Raymond say that this couldn’t happen
to Linux? What do all the pundits who were railing against
Microsoft’s security holes have to say about this? Is there a
double standard when it comes to reporting Microsoft? In this
situation, the Linux press, such as Slashdot, are looking more like
a sick imitation of what ZDNet used to be. Why is it ‘evil’ when
Microsoft FUDs Linux, but ‘advocacy’ when Linux sites FUD
Microsoft?“