SEARCH RESULTS
 
Showing 1-10 of 14 records
 
Debian OpenSSL Blunder

2008-05-15 09:19:37 by Editor in Cheap Hack
 
...Debian distribution of OpenSSL in September 2006. As Moore explains it, the problem began when the team addressed a different potential vulnerability having to do with uninitialized data. To fix it, they removed one line of code. Moore shows how this had "...the side effect of crippling the seeding process for the OpenSSL PRNG." (PRNG is...
 
 
 
 
 
More On The Debian OpenSSL Blunder

2008-05-18 13:17:44 by Editor in Cheap Hack
...Debian OpenSSL bug that I'm surprised I hadn't seen before. (This is a fun blog and I highly recommend it. And yes, I'm ripping off his use of the image below.) As Debian revealed in their disclosure, the bug was created because they removed a line of code based on a warning from the Purify tool that the code, part of the random number...
 
 
 
 
 
Random Number Bug in Debian Linux

2008-05-19 06:07:59 by schneier in Schneier on Security
 
...Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c MD_Update(&m,buf,j); [ .. ] MD_Update(&m,buf,j); /* purify complains These lines were removed because they caused the Valgrind...
 
 
 
 
 
Free SSL Certs for Debian Bug Victims from Comodo

2008-05-22 10:12:19 by Editor in Cheap Hack
 
...Debian OpenSSL bug, certificate authority Comodo is offering free replacement SSL certificates to anyone affected, including customers of other CAs. Comodo customers can just go into their accounts and replace their certificates with a new Certificate Signing Request. Customers of other CAs can get their free certificate at this site...
 
 
 
 
 
Flaws found in Firefox, Opera

2008-02-18 00:00:00 by Jason Meserve in Network World on Security
 
Firefox and Opera are both under fire as security researchers at Vexillium have found a flaw that could allow attackers to capture a user's Web history. No word on updates yet, but be on the lookout. We've also got pairs of patches from rPath, FreeBSD, Ubuntu, Debian, Mandriva and Gentoo
 
 
 
 
 
Tools circulate that crack Debian, Ubuntu keys

2008-05-15 13:00:00 by Editor in Computerworld Security News
 
A vulnerability in widely used Linux distributions can be used by attackers to guess cryptographic keys, possibly leading to the theft of confidential information, security researcher HD Moore said today
 
 
 
 
 
Tools circulate that crack Debian, Ubuntu keys

2008-05-16 00:00:00 by HASH0x8472e44 in Network World on Security
 
A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said Thursday
 
 
 
 
 
Free Certificate Reissuance From VeriSign

2008-05-17 07:20:37 by Editor in Cheap Hack
 
...Debian's OpenSSL implementation, VeriSign is offering free reissuance of certificates. Patching the flawed software is not enough: certificates containing public keys generated by the buggy versions of OpenSSL have to be revoked and replaced with new copies generated by fixed versions of the software. For customers of trusted certificate...
 
 
 
 
 
True Randomness

2008-05-21 16:36:10 by Editor in Cheap Hack
 
...Debian OpenSSL bug. It inspired web developer Bo Allen to look into the randomness of the PHP rand() function. He compared it to the results from random.org, which uses atmospheric noise as a random seed. The result is a visually clear example of randomness and not-so-randomness. Read the blog, you'll see what I mean. Allen's test makes me...