Monday July 21, 2008 7:52 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"No Comment"
on Mozilla Messaging fixes five bugs in Thunderbird email client
by Phillip Vachon | Jul 21, 2008 4:13 AM
 
"thankx dear ihave my massege"
on Ads on Facebook serving up adware
by muhammad shehzad ashraf | Jul 20, 2008 1:05 AM
 
"kdjfkjasd"
on HP WebInspect 7.7
by fdsf | Jul 19, 2008 10:19 PM
 
"Hacked? No, it was not hacked. Lots of people were told to search for it. That's all."
on Google Trends hacked again
by kgh0st | Jul 19, 2008 3:33 PM
 
""..but experts are poring over the site's logs to find the vulnerability that allowed the ..."
on Popular porn site hacked by prudes
by J | Jul 18, 2008 9:54 PM
Patch Management

Debian, Ununtu flawed for two years

  • Email a Friend
  • Print Page
Related Articles
By Stewart Meagher
May 21, 2008 11:36 AM
Tags: Debian, | Ununtu | flawed | for | two | years

Frederick Lee, a researcher at insecurity company Fortify, said that the flaw, which affects Ubuntu as well as Debian, had been "seriously underestimated " as it makes the Secure Sockets Layer (SSL) of the two Linux sustems vulnerable to malicious attack.

"We're calling this vulnerability 'insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.

Lee reckons that the flaw, which tinkers with the randomness engine used to encrypt secure transactions, could be used to intercept traffic between a user and supposedly secure connection between a user and, for example, an online banking site.

theinquirer.net (c) 2008 Incisive Media

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below: