[COLUG] Fwd: SERIOUS: Debian/Ubuntu OpenSSL/SSH/VPN
Key Vulnerability
Duane
duane at e164.org
Tue May 13 21:26:53 EDT 2008
Austin Godber wrote:
>> A serious vulnerability related to OpenSSL, OpenSSH and OpenVPN has
>> just materialized:
Actually this OpenSSL vulnerability seems worst than I first thought. It
seems that OpenSSL normally uses uninitialised memory as entropy and on
the surface given the right set of circumstances the same entropy could
be reused, or it could end up using a memory location that is all zeros
which seems like a really really bad idea to me.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the colug432
mailing list