[pchelpers] News: After Debian releases SSL patch, a world of hurt for security pros

  • From: John Durham <john.modec@xxxxxxxxxx>
  • To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
  • Date: Thu, 22 May 2008 08:26:34 +1200

Admins: Heal thy certificates
By Dan Goodin in San Francisco
Published Wednesday 21st May 2008 18:47 GMT

It's been more than a week since Debian patched a massive security hole
in the library the operating system uses to create cryptographic keys
for securing email, websites and administrative servers. Now the hard
work begins, as legions of admins are saddled with the odious task of
regenerating keys too numerous for anyone to estimate.

The flaw in Debian's random number generator means that OpenSSL keys
generated over the past 20 months are so predictable that an attacker
can correctly guess them in a matter of hours. Not exactly a comforting
thought when considering the keys in many cases are the only thing
guarding an organization's most precious assets. Obtain the key and you
gain instant access to trusted administrative accounts and the ability
to spoof or spy on sensitive email and web servers.

More here:
http://www.theregister.co.uk/2008/05/21/massive_debian_openssl_hangover/
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.