l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2008 May 16 15:28

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Security Alert: Debian OpenSSL flaw affectsmany systems
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Security Alert: Debian OpenSSL flaw affectsmany systems

On Thu, 2008-05-15 at 14:29 -0700, Jeffrey Nonken wrote:
> http://www.linux.com/feature/135270

This paragraph is probably wrong:

> ´╗┐Debian and derivative distribution users can use the apt-get upgrade
> command to replace vulnerable keys on their systems, and Ubuntu users
> applying the security patches which appeared yesterday will have their
> weak keys replaced automatically, but as Moore points out, that
> doesn't solve the problems caused by weak keys being used to sign
> certificates or copied to other servers.

More detailed information is available at http://wiki.debian.org/SSLkeys

Note that the vulnerability meant that only 2^15 different keys of each
size were being generated. This is an incredibly small number, and I'm
sure many hackers have dictionaries of the entire key set now to break
in to systems with affected authorized_keys files.
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.