Debian, Ununtu flawed for two years

By Stewart Meagher on May 21, 2008 11:36 AM
Filed under

A research posting to the Debian security list last week has led to the confirmation of a serious hole in two flavours of the Open Sauce Linux operating system.


Frederick Lee, a researcher at insecurity company Fortify, said that the flaw, which affects Ubuntu as well as Debian, had been "seriously underestimated " as it makes the Secure Sockets Layer (SSL) of the two Linux sustems vulnerable to malicious attack.

"We're calling this vulnerability 'insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.

Lee reckons that the flaw, which tinkers with the randomness engine used to encrypt secure transactions, could be used to intercept traffic between a user and supposedly secure connection between a user and, for example, an online banking site.
theinquirer.net (c) 2010 Incisive Media
Keywords
debian, ununtu, flawed, two, years
Related

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register
comments powered by Disqus
Sign up to receive SC Magazine email newsletters
   FOLLOW US...
Most Read