CNET News.com: Security hole found in Borland database
CNET News.com: Security hole found in Borland database
Jan 12, 2001, 00 :07 UTC (8 Talkback[s]) (3019 reads)
(Other stories by Stephen Shankland)
"Borland's InterBase database software contains a "back door" that allows anyone with the appropriate password to wreak major havoc with the database and the computer it's running on, security experts said...."
"Borland acknowledged the back door and has begun releasing patches. The company has notified customers and sales partners and will begin shipping repaired versions this week, said Jon Arthur, director of the InterBase project for Borland. The problem exists in versions 4, 5 and 6 of InterBase...."
"The problem illustrates the double-edged sword of open-source software regarding security. On the good side is the fact that so many more programmers can scrutinize the software and find such problems--exactly what happened with InterBase. Many open-source advocates list this openness as a major advantage over closed, proprietary software such as the kind Microsoft distributes. Who knows what nefarious code lies within the millions of lines of Windows programming code, they ask."
"On the other hand, it can be easier for a malicious programmer to find vulnerabilities. This particular back door has existed since 1994, and nothing was preventing a malicious programmer from finding it in the last six months."