Thursday, September 30, 2010

Facebook Competitor Diaspora Hit With Security Criticisms

Just because it's open-source doesn't mean that it's secure: That's the message a number of researchers and security mavens are touting about the recently released Diaspora social network. Even though the social site's source code was released in a pre-alpha stage earlier this week, that hasn't stopped various Internet commenters from weighing in on the alleged security holes peppering the service.



The Diaspora developers--four New York University students and a war chest of $200,000 in donations--have publicly acknowledged that the pre-alpha release of their Facebook competitor service still contains various security and feature issues that should be addressed in subsequent versions, like the service's planned Alpha stage that's scheduled for release in October.



That said, The Register's Dan Goodin calls Diaspora "littered with landmines," based on his interviews with other software enthusiasts and an ever-growing list of security issues being posted to Diaspora's Github launching page--"a combination of Rails Security 101 errors and 'web application programming is hard,'" writes one commenter on Hacker News.



"The bottom line is currently there is nothing that you cannot do to someone's Diaspora account, absolutely nothing," said Patrick McKenzie, a software company owner, in an interview with Goodin. McKenzie has been busy taking to the digital airwaves to warn users against jumping on to any version of Diaspora they find.



"Don't use the #diaspora instances popping up. Don't host it publicly. Don't invite people to do either. It is screamingly unsafe," reads a message he posted to his Twitter account the day after Diaspora's pre-Alpha release.



Joining the anti-Diaspora chorus is a growing argument that said security vulnerabilities should be an expected part of an open-source package—the point being that, with all the code out in the open, aspiring security fixer-uppers can start hacking away and sealing up the flaws to the betterment of the community as a whole. If users enjoy the service, in theory, then they should be just as excited to participate in its development as Diaspora's actual developers.



But that's certainly not a view shared by all.



"Security does not just happen for open source projects. The notion that it does is one of the more harmful myths in software security," writes Thomas Ptacek via a Hacker News comment. "Open source makes a lot of software security problems easier … but slapping a GPL on your codebase and pushing it to Github does not make magical unicorns poop security findings into your mailbox."



Some users and commenters are rising to Diaspora's defense due to the fact that, yes, this is a pre-Alpha release that should come with an expectation that issues are going to exist. However, that still hasn't been enough to give Diaspora a free pass for some in the security world—mainly due to the sheer number of alleged security holes combined with the fact that Diaspora's primary marketing push is that it promises stronger privacy protections than its rival, Facebook.






News From: http://www.7StarNews.com
