For almost two years the OpenSSL library used by Linux distribution Debian and Ubuntu has been generating useless cryptographic keys — although Debian has issued a patch, experts warn that systems may still be exposed.
"Patching the vulnerability does not remove the vulnerability — it just prevents it from happening from that point on."
cryptographic keysUbuntu / Debian Open to HackersDigg Linux/Unix upcoming Sat, 05/31/2008 - 05:23
Debian and Ubuntu Vunerabilities are UglyDigg Linux/Unix upcoming Fri, 05/16/2008 - 06:26
A security researcher recently disclosed vulnerability in widely used Linux distributions where attackers can guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information. |
