OSNews:

OSNews: http://www.osnews.com/story/19787/New_Security_Holes_Discovered Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Tue, 10 Nov 2009 10:35:24 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Very Serious Discussion http://osnews.com/thread?315638 http://osnews.com/thread?315638 It's all made very clear for me now. I know which Distro is the best. Thanks to those guys (people - in case there are any cool chicks there) for making it easy on all of us. Mon, 26 May 2008 19:02:00 GMT donotreply@osnews.com (kjwaugh) Comments witty http://osnews.com/thread?315659 http://osnews.com/thread?315659 Just the remedy after a busy working day... on a bank holiday

Mon, 26 May 2008 20:16:00 GMT donotreply@osnews.com (raver31) Comments topic? http://osnews.com/thread?315672 http://osnews.com/thread?315672 Is it just me, or is the topic a little too vague and confusing? I mean, it's bad enough the teaser is almost always copy/pasted from the source, but can't there be a shred more of effort put in anymore? Mon, 26 May 2008 22:02:00 GMT donotreply@osnews.com (xushi) Comments RE: topic? http://osnews.com/thread?315676 http://osnews.com/thread?315676 Congratulations! You're the winner of this week's "missing the point" sweepstakes! Mon, 26 May 2008 22:45:00 GMT donotreply@osnews.com (David) Comments RE[2]: topic? http://osnews.com/thread?315677 http://osnews.com/thread?315677 take a +1 from me... I can't give it normally as I have already posted

Mon, 26 May 2008 23:17:00 GMT donotreply@osnews.com (raver31) Comments openSUSE FTW http://osnews.com/thread?315682 http://osnews.com/thread?315682 It's gratifying to see that openSUSE managed to escape the list of glaring security problems. Congrats to the dev teams, I believe their holistic approach to assessing vulnerabilities gives them a clear advantage over the distros listed in the article.

FWIW, the bug with the decoder rings in Fedora was admittedly an issue with an earlier version of openSUSE, but it was very quickly identified and nixed with a security update. It's remarkable to see that other distros fail, even in this day and age, to take preventative measures against well known attack vectors. Don't even get me started on the root access vulnerability for slackware that was mentioned in the article, how has that not been addressed yet?

Security is a mindset, above all else.

;) Tue, 27 May 2008 01:02:00 GMT donotreply@osnews.com (elsewhere) Comments I've realised I have too many tabs open... http://osnews.com/thread?315683 http://osnews.com/thread?315683 when I've found myself wondering where that xkcd comic come from, and where the security article was. Tue, 27 May 2008 01:28:00 GMT donotreply@osnews.com (wannabe geek) Comments April Fool's? http://osnews.com/thread?315684 http://osnews.com/thread?315684 Sorry, I thought today was Memorial Day?

For some reason this feels like a paid advertisement that was supposed to seem like a normal OSNews post... Didn't work for me, sorry.

Tue, 27 May 2008 01:52:00 GMT donotreply@osnews.com (patrick_) Comments comic's inspiration http://osnews.com/thread?315693 http://osnews.com/thread?315693 I'm a little surprised not to see a link on OSNews to the incident that inspired this comic. Maybe the editors knew it would turn into a flamefest. Seriously though, it's somewhat of a major story. I'm a Debian user myself, and I'm really horrified at the bug one of their developers introduced to their version of OpenSSL.

It's one of those things that makes one think about distros and their relationship to upstream, about whether one's distro choice is sound, about how easy it is to trust code, etc etc. Seems like something that should be addressed on OSNews, even if it might be a crapstorm. Apologies if I missed it somewhere.. Tue, 27 May 2008 04:26:00 GMT donotreply@osnews.com (MamiyaOtaru) Comments RE: comic's inspiration http://osnews.com/thread?315717 http://osnews.com/thread?315717 I'm also a Debian user and am horrified as well.

I'm considering switching to Arch linux due to their policy of not messing with the source that comes from the original maintainer. Tue, 27 May 2008 09:28:00 GMT donotreply@osnews.com (bloodandsoil) Comments RE[2]: comic's inspiration http://osnews.com/thread?315723 http://osnews.com/thread?315723

I'm considering switching to Arch linux due to their policy of not messing with the source that comes from the original maintainer.

Arch seems to currently add three patches to their openssl package.
http://repos.archlinux.org/viewvc.cgi/openssl/repos/core-i686/

Some Arch packages, like firefox, have more patches.
http://repos.archlinux.org/viewvc.cgi/firefox/repos/extra-i686/ Tue, 27 May 2008 10:59:00 GMT donotreply@osnews.com (da_Chicken) Comments RE: openSUSE FTW http://osnews.com/thread?315815 http://osnews.com/thread?315815

Don't even get me started on the root access vulnerability for slackware that was mentioned in the article, how has that not been addressed yet?

Security is a mindset, above all else.

;)

Well, if your running Slackware 12.0, then yes, your most likely vulnerable, but it has been addressed with the release of 12.1, unless there is an issue with openssl-0.9.8g itself. Tue, 27 May 2008 18:36:00 GMT donotreply@osnews.com (Siamhie) Comments RE[3]: topic? http://osnews.com/thread?315874 http://osnews.com/thread?315874 Did it for you, and you got a +1 too ! Wed, 28 May 2008 01:17:00 GMT donotreply@osnews.com (holywood) Comments