13-Year-Old Password Security Bug Fixed

[Daniel]

"In a sign that many eyes don't really make (security) bugs shallow, a thirteen-year-old password-hashing bug that affects (at least) PHP, some Linux distros (Owl, ALT Linux, SUSE), and a variety of other apps has just been patched. This problem had been present in widely-used code since 1998 without anyone noticing it."

Better late than never; reader Trailrunner7 points to this article outlining the dangers of old exploits, given old code for them to toy with.

 

[Paul]

Interesting read, thanks.

 

[Daniel]

How many bugs are there in commercial software that we don't know?

What we do know is that there are many exploits for commercial software.

 

[Virtual]

you hit a bug and then will come another bugs