Kerberos flaw found…but no impact on Windows

Guess sometimes it pays not to be a *nix derivative:

Apparently, the Windows implementation of Kerberos is not affected because we re-implemented it from scratch based on the MIT specification, rather than working from the original codebase that contains the flaw.

If a flaw can slip through the authentication protocol used by Solaris, Red Hat, Mandrake, OS X, etc., that pretty much eviscerates the “many eyes” theory that many advance as evidence that OSS is more secure than proprietary software. This is a pretty good reminder that even the best eyes will occasionally miss something.

Comments (1)

  1. senkwe says:

    Cynics would say the MS version of Kerberos is incompatible with the industry standard and is therefore still flawed regardless. Don’t ask me, I just frequent the LinuxToday comment sections 🙂
