Barney's Blog

Blog archive

Mailbag: Red Hat Security

Readers share their thoughts on open source security in general, and the recent Red Hat hack in particular:

I think that Red Hat getting hacked was a good thing. I am a die-hard Linux user, but I do not go with the crowd that thinks that if you are using any non-Microsoft OS, then you are safe from bad ware. Humans make mistakes; the software that we create will have bugs, and bugs lead to holes, and holes are how the bad boys get in. The sooner everyone starts thinking about security, the better.

I have to admit that I do feel safer using Linux and Firefox while I am surfing the Web, just as the people in the Twin Towers felt safe on Sept. 11, 2001, just before the planes hit.

I have countered for years that Mac and open source operating systems are not targets -- not because they are so secure, but because there were so few of them. The more that are out there, the more they will be hacked. The hackers want quantity. It only makes sense that they will concentrate their efforts where they will get the most results for the least amount of work.

It is Microsoft's licensing that really burns me up, not so much whether it has a better product than others. I'm not sure why those who clamor around Microsoft don't get that. While there have been some who have made silly claims about open source and its security, at least a company that uses FOSS or OSS can hire someone (if they don't possess in-house talent) to review code to ensure that everything is up to snuff. I have a few clients who have done just that with Internet-facing Linux systems -- and it is one thing you cannot do with closed source, no matter who it is. And that is the difference and is why I will always look for an open source alternative for anything I use and recommend.

And Doug's dad gets the final word on professors teaching students how to hack:

Interesting comments on the hackers. Although I consider hackers and scammers the enemy, you do have to understand the enemy if you want to have a chance to defeat him. However, one area which seemed to be ignored was the use of information gained by hacking. Helping riders get free lifetime transportation on the T is certainly not an appropriate use. When we discovered weaknesses in military installation security, we went to the responsible organization so they could correct them.

Check in tomorrow for more reader letters! And if you want to share some of your own comments, fill out the form below or send an e-mail to [email protected].

Posted by Doug Barney on August 27, 2008