Page Two

By Henry Baltazar  |  Posted 2000-08-07

Double-edged sword

Because of its security benefits and risks, open-source software was characterized as "a double-edged sword" by MiniVend creator Mike Heins. "[The OpenHack scrutiny] is worse than I thought it might be, but ... it shows how opening the source can help you find security problems," said Heins, in Oxford, Ohio. "This is [an exercise] I should have gone through sooner."

Security vulnerabilities are much more difficult to spot in closed-source applications, but that doesn't mean the vulnerabilities are not there. Mora's success with AnswerBook2 shows that clearly.

Another lesson we learned from OpenHack is that, when setting up complex systems, it's easy to miss simple things, especially in places where problems are not expected. For example, an unchanged default password account on the Oracle8i server gave Mora access to database files.

Some take the low road

Application-level attacks caused the most damage to OpenHack, but lower-level network and DoS (denial-of-service) attacks also caused problems. During the first few days the OpenHack site was up, the sheer volume of these attacks at times overwhelmed the site's 10M-bps pipe to the outside world. There remains no definitive way to prevent distributed DoS attacks, but damage can be minimized through timely communication among IT managers across organizations. "Good security involves having diverse, well-coordinated and protected systems, and even then, you can overlook something," Mora said. "As somebody said, the only safe computer is unplugged, locked in a safe and buried in the desert."
