Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online.
The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate-level course at the University of Illinois at Chicago.
"Every program is used somewhere--this was a requirement for the homework--but the programs vary widely in popularity," Bernstein, a professor of computer science at the university, stated in an e-mail interview Thursday.
Bernstein said it was necessary for programmers to learn security, both to analyze existing programs and to create new ones.
"If any (programmer makes) a security mistake, then your computer is vulnerable to attack," he said in the e-mail interview. "So we have to teach all programmers how to avoid these mistakes."
The latest crop of security flaws comes two days after a software-testing company announced that it had found 985 flaws in the latest Linux kernel during the past four years using the company's analysis software. While the number seems high, the company said it is far lower than the number associated with most commercial software.
Each person in the class during the fall semester had to find 10 flaws, a task that counted toward 60 percent of their grade for the class, according to class notes posted on Bernstein's Web site. With only 44 flaws discovered among a reported 25 students, Bernstein said he is rethinking the grading curve.
"At the end of the course, I decided to throw that scale away and think about how much the students had learned," he wrote
Lets see how long it will take before a patch is out? then we can compare with MS Patch release cycle. More than likely it will take more than twice the time MS takes to release the patch.
Linux patches are almost handed out daily if there are patches to be made. With Microsoft, you might get a patch a month after the fact, maybe sooner if Microsoft feels it's necessary.
In short, updates for Linux are more thorough seamless than for Windows.
3 months for fixing a config error in the firewall software. If I would take this long to fix a hole in our corporate firewall, I would be fired straight away...
The article CLEARLY states that of the 900+ flaws found in the UNIX code,that number was WAY LOWER than commercial software codes...(i.e. WINDOWS) The Internet runs on UNIX/Java/BSD for a reason. Pull your head out of Citizen Gates black hole. -Eyes wide open in Seattle- [Unix/Mac/Win user]
If you want to be fair, then be fair. Somebody may have suggested that more bugs exist in commercial software packages, but there is no mention of *which* packages, and there is no official count of flaws or record of identification. Sounds to me like somebody was shooting their mouth without having data to back up their claims. What is known, is how many flaws were found in UNIX. Nothing more.
The reported security problem has been fixed for the 2fax program. The new version of the program is available at <a class="jive-link-external" href="http://www.atbas.org/2fax" target="_newWindow">http://www.atbas.org/2fax</a>
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here, and what the next steps are.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
Proposal provides $140 billion for research and development of technologies such as clean energy, wireless communications, and cybersecurity--a 5 percent increase over 2012.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
There are a lot of things that AT&T's humongous Samsung Galaxy Note smartphone is, like a digital memo pad, a medium-size reader, and a great photo companion.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
to be made. With Microsoft, you might get a patch a month
after the fact, maybe sooner if Microsoft feels it's necessary.
In short, updates for Linux are more thorough seamless than for
Windows.
<a class="jive-link-external" href="http://news.com.com/Microsoft+posts+critical+configuration+patch/2100-1002_3-5494557.html?tag=cd.top" target="_newWindow">http://news.com.com/Microsoft+posts+critical+configuration+patch/2100-1002_3-5494557.html?tag=cd.top</a>
3 months for fixing a config error in the firewall software. If I would take this long to fix a hole in our corporate firewall, I would be fired straight away...
If this happened to Microsoft it would be Headline News everywhere.
The Internet runs on UNIX/Java/BSD for a reason.
Pull your head out of Citizen Gates black hole.
-Eyes wide open in Seattle-
[Unix/Mac/Win user]
The reported security problem has been fixed for the 2fax program. The new version of the program is available at <a class="jive-link-external" href="http://www.atbas.org/2fax" target="_newWindow">http://www.atbas.org/2fax</a>
Will fix the windows version later :)