Re: The tables have turned
showed (for the first time ?) that open source can have totally unbelievable security bugs
Most certainly not for the first time. Critical security issues in open-source software predates the "open source" movement, to the days before unbundling when software was typically supplied in source form.
There's the TENEX login-probe bug, for example, which leaked information over the timing channel and so could be used to guess a password one character at a time. (I think TENEX was available in source code - maybe a reader who actually worked with it will remember differently. But in any case it's a typical example of the sort of security issues that existed at the time.)
That was in the 1960s.
If you want a more recent example, there's the Netscape predictable-CPRNG bug in their early SSL implementation. Or the fingerd buffer overflow exploited by the Morris Worm. And so on.
Biting the hand that feeds IT
