Admins: Heal thy certificates

By Dan Goodin in San Francisco
Published Wednesday 21st May 2008 18:47 GMT

Nail down your security priorities. Ask the experts and your peers at The Register Security Debate, April 17, 2008

It's been more than a week since Debian patched a massive security hole in the library the operating system uses to create cryptographic keys for securing email, websites and administrative servers. Now the hard work begins, as legions of admins are saddled with the odious task of regenerating keys too numerous for anyone to estimate.

The flaw in Debian's random number generator means that OpenSSL keys generated over the past 20 months are so predictable that an attacker can correctly guess them in a matter of hours. Not exactly a comforting thought when considering the keys in many cases are the only thing guarding an organization's most precious assets. Obtain the key and you gain instant access to trusted administrative accounts and the ability to spoof or spy on sensitive email and web servers.

More here:
http://www.theregister.co.uk/2008/05/21/massive_debian_openssl_hangover/

--
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.