Open source closes backdoors
When a software company will not make the source code for a product available, one must put one's faith in something called security through obscurity. The argument for security through obscurity is simple. If crackers could get to the source code, it would be easy for them to find ways to exploit weaknesses in the product.
While that sounds like a logical argument, it is easily refuted. If you are not already convinced by the numerous Windows, Internet Explorer, and Microsoft Outlook exploits, then pay a visit to Game Copy World (see Resources for a link) sometime. You'll see just how easy it is for people to break the copy protection for games without having to see the source code. The site often publishes copy protection workarounds the same day a game is released. (By the way, I believe Game Copy World is actually providing a legitimate and valuable service. As someone with young children, I can confirm the need to make backup copies of games that get scratched and ruined by reckless little fingers.)
Ironically, we open source advocates have confidence in the security of open source software for the same reason others defend security through obscurity -- open source code actually does make it easier to spot weaknesses in a product. We simply take the next step in the logic. If having the source code makes it easy to spot weaknesses, then the best way to find and plug security holes is to make the source code as widely available as possible and solicit the input of those who use it.
NSA key revisited
A greater security risk than system cracking concerns me, one that is only possible through source code obscurity: intentional backdoors.
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Sign up »
New Open Storage: Save up to 75% over traditional storage costs with Sun's Unified Storage. Sun's breakthrough technology delivers flexibility, ease-of-use, and energy efficiency for better performance across your business. Try Sun's virtual simulator now.
Brought to you by: |
This month we're giving away 5 copies of each of these great books. Enter today for your chance to win!
|
Friends With Benefits: A Social Media Marketing Handbook |
 |
Ubuntu Unleashed 2010 Edition |
|
VMware vSphere 4 Implementation |
15 Ways to Make YouTube More Useful
From downloading videos to reinventing the interface, these 15 tools will help you use YouTube like you've never used it before.
