Slashdot Mirror


Xen Cloud Fix Shows the Right Way To Patch Open-Source Flaws

darthcamaro writes: Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee-jerk type reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues? And if it's not, what is?

  1. Re:Maybe? by i kan reed · Score: 4, Informative

    your salted password hash is just an obscured version of your password.

    Negatory. Salted hashes are not reversible without a huge damned rainbow table particular to the salt, and most passwords are hashed, not encrypted.

    There isn't actually a password to recover from that.

  2. That's how the bash issue was handled by nedlohs · Score: 4, Informative

    That some idiot decided to publish the prenotification is just more likely when you have something in as widespread use as bash.