This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes Security and the fly likes Debian/Ubuntu ssh weakness found Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "Debian/Ubuntu ssh weakness found" Watch "Debian/Ubuntu ssh weakness found" New topic
Author

Debian/Ubuntu ssh weakness found

Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4422
    
    2

I like...
Linux Mac OSX VI Editor
posted private message
0
Quote
There is a security patch out today for Debian, ubuntu, and all other distros based on debian.

http://www.ubuntu.com/usn/usn-612-2

In short someone 'fixed' the random number generator in the key generation code in the debian version, and did not send the patch up to the openSSL folks. The patch was bad.

This is an example of why crypto is serious, it can look fine and be used for years.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35247
    
    7
posted
0
Quote
Somewhat related to the topic of open source security, a couple of links that may be of wider interest:
  • oCERT.org - advisories about open source vulnerabilities
  • Discussion on Is Open Source Good for Security?
    •

    Android appsImageJ pluginsJava web charts
     
    I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
     
    subject: Debian/Ubuntu ssh weakness found
     
    Similar Threads
    Where to get free linux OS
    Ubuntu?
    Your favourite freeware <here> , preferably for Windows
    Which one is best? Windows XP : Genuine Windows® 7 Home Premium 64bit (English)
    Unix