l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2008 May 16 15:28

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Security Alert: Debian OpenSSL flaw affectsmany systems
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Security Alert: Debian OpenSSL flaw affectsmany systems



On Thu, May 15, 2008 at 05:18:52PM -0500, Ken Bloom wrote:
> On Thu, 2008-05-15 at 14:29 -0700, Jeffrey Nonken wrote:
> > http://www.linux.com/feature/135270
> 
> This paragraph is probably wrong:
> 
> > ´╗┐Debian and derivative distribution users can use the apt-get upgrade
> > command to replace vulnerable keys on their systems, and Ubuntu users
> > applying the security patches which appeared yesterday will have their
> > weak keys replaced automatically, but as Moore points out, that
> > doesn't solve the problems caused by weak keys being used to sign
> > certificates or copied to other servers.
> 
> More detailed information is available at http://wiki.debian.org/SSLkeys
> 
> Note that the vulnerability meant that only 2^15 different keys of each
> size were being generated. This is an incredibly small number, and I'm
> sure many hackers have dictionaries of the entire key set now to break
> in to systems with affected authorized_keys files.

I downloaded a dictionary of keys. I haven't tried to run the crack yet. 
Hackers build things, crackers break into things. 

-- 
Brian Lavender
http://www.brie.com/brian/
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!