Not so random numbers means linux geeks freak out
May 13th, 2008 by scaredpoet


Well, seeing as lately my blog is geeking-out over Ubuntu, I may as well add this posting to the list, and it’s a doozy.

If you happen to be a Linux Geek running Ubuntu, Debian, or any of the 40+ related distributions, AND you’ve been hiding under a rock for the past 24 hours, then you should know that there’s a HUGE security vulnerability involving OpenSSL and everything related to it, including SSH. For the non-geekified: this is the stuff required for “secure” web sites to stay secure, and what people typically use to log into systems remotely without their passwords being freely scattered for any hacker to see and exploit.

The problem? The encryption keys used to keep your logins safe and private hinge on seemingly-random numbers that the system must generate. However, sometime in September 2006, a developer got a bit careless and made a revision to the software that suddenly made the random number generator, well, not-so-random. The result? The encryption keys are theoretically easy to guess and decrypt, leaving those once-believed-private transactions very vulnerable and exposed.
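
An added illustration of the problem described above (not code from the original post or from OpenSSL): a toy key generator whose only varying input is a small integer, so every key it can ever produce can be enumerated and used as a blocklist to audit existing keys. The 32,768-value seed space, the SHA-256 based `derive_key` stand-in and all function names are assumptions made for this demo.

```python
import hashlib
import secrets

# Assumption for this demo: the broken generator has only 2**15 possible states.
SEED_SPACE = 2 ** 15


def derive_key(seed: bytes) -> bytes:
    """Toy stand-in for key generation: the key is a pure function of the seed."""
    return hashlib.sha256(b"toy-keygen" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, comparable to a published key fingerprint."""
    return hashlib.sha256(key).hexdigest()[:32]


def weak_keygen(state: int) -> bytes:
    """Broken generator: the only thing that varies between runs is a small integer."""
    return derive_key(state.to_bytes(2, "big"))


def strong_keygen() -> bytes:
    """Healthy generator: 256 bits from the operating system's CSPRNG."""
    return derive_key(secrets.token_bytes(32))


def build_blocklist() -> set[str]:
    """Enumerate the fingerprint of every key the broken generator can ever emit."""
    return {fingerprint(weak_keygen(s)) for s in range(SEED_SPACE)}


def audit(keys: dict[str, bytes], blocklist: set[str]) -> list[str]:
    """Return the names of keys that came from the broken generator."""
    return sorted(name for name, key in keys.items() if fingerprint(key) in blocklist)


if __name__ == "__main__":
    blocklist = build_blocklist()
    # Constructed sample inventory: two keys made while the generator was broken, one healthy.
    inventory = {
        "host-a": weak_keygen(4242),
        "host-b": strong_keygen(),
        "host-c": weak_keygen(31000),
    }
    print(f"{len(blocklist)} possible weak keys; flagged: {audit(inventory, blocklist)}")
```

A key flagged by such an audit stays weak after the generator itself is repaired, so it has to be replaced with a freshly generated one.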

Here are the security notices from Debian (here and here), and Ubuntu (here, here and here), the two biggest Linux flavors affected by this security hole. The notices include fixes, and updates are available, but sysadmins need to follow the instructions to make the fix effective.

Of course, there are those aforementioned 40+ other known derivatives of these two major Linux distributions that are probably affected, too.

And here’s a statement I never really thought I’d find myself saying: if you use Windows, you have nothing to worry about, because all of this means nothing to you.

P.S.: Yes, this server has been patched. 🙂

One Response  
  • crocto writes:
    May 14th, 2008 at 3:00 pm

    so this means that evil corp (microsoft) for once didn’t screw up and the flower people of hippie land and free speech screwed up for once? crazy. next thing you know cats and dogs will be getting along.



»  Substance:WordPress   »  Rights: Creative Commons License