Meaningless Drivel is fun!*
The moose likes Security and the fly likes Debian/Ubuntu ssh weakness found Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Debian/Ubuntu ssh weakness found" Watch "Debian/Ubuntu ssh weakness found" New topic

Debian/Ubuntu ssh weakness found

Pat Farrell

Joined: Aug 11, 2007
Posts: 4634

There is a security patch out today for Debian, ubuntu, and all other distros based on debian.

In short someone 'fixed' the random number generator in the key generation code in the debian version, and did not send the patch up to the openSSL folks. The patch was bad.

This is an example of why crypto is serious, it can look fine and be used for years.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 39537
Somewhat related to the topic of open source security, a couple of links that may be of wider interest:
  • - advisories about open source vulnerabilities
  • Discussion on Is Open Source Good for Security?

  • Ping & DNS - updated with new look and Ping home screen widget
    It is sorta covered in the JavaRanch Style Guide.
    subject: Debian/Ubuntu ssh weakness found
    Similar Threads
    Your favourite freeware <here> , preferably for Windows
    Where to get free linux OS
    Which one is best? Windows XP : Genuine Windows® 7 Home Premium 64bit (English)