Security bug in SSL affects Debian, Ubuntu etc servers and clients

probe

Sloppy :-(

http://en.wikinews.org/wiki/Predictable_random_number_generator_discovered_in_the_Debian_version_of_OpenSSL

.probe

_CreeD_

Another source (for those who take anything "wiki" with a grain of salt ), http://isc.sans.org/diary.html?storyid=4421 . Its the first time I've seen the alert level move off of green.

probe

_CreeD_ wrote: »

Another source (for those who take anything "wiki" with a grain of salt ), http://isc.sans.org/diary.html?storyid=4421 . Its the first time I've seen the alert level move off of green.

Wiki news is less liable to “short term false positives” compared with other parts of the wiki empire.

Let he who has no sins cast the first stone! Follow a link from the page you posted to:
http://isc.sans.org/diary.html?storyid=4420

Wherein the accused states:

“It is obvious that this is highly critical – if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time), and those keys were generated between September 2006 and May 13th 2008 then you are vulnerable.”

What is so special about May 13? This guy must have honed his imprecise and confusing journalistic skills while working for an Irish national newspaper! This security problem will continue until it has been properly patched at all ends involved in any transaction.

.probe

Martyr

this is something that had been known about for a while, no idea why SANS only published details now.

read here for details