[pchelpers] News:SANS sounds alarm on Debian OpenSSL flaw

  • From: John Durham <john.modec@xxxxxxxxxx>
  • To: PC-Helpers <pchelpers@xxxxxxxxxxxxx>
  • Date: Sat, 17 May 2008 07:48:07 +1200

Lockpicking script prompts alarm
By John Leyden

Published Friday 16th May 2008 18:33 GMT

The SANS Institute today took the highly unusual step of issuing a
yellow alert over a vulnerability in the cryptographic functions of
Debian, the Linux distro that underpins Ubuntu.

Earlier this week Debian warned that the use of a cryptographically
flawed pseudo random number generator in its implementation of OpenSSL
meant that potentially predictable keys were generated. Versions of
Debian's OpenSSL packages starting with 0.9.8c-1 (released in September
2006) are vulnerable.

Fears that the cryptographic keys (including SSH, SSL session keys,
OpenVPN and others) generated on affected systems may be weak were borne
out by the discovery of scripts that allow brute forcing of vulnerable
SSH keys. The SANS Institute's Internet Storm Centre warns that SSL
certificates should also be regenerated because of the same
cryptographic flaw.

More here:
http://www.theregister.co.uk/2008/05/16/debian_openssl_flaw/
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.


