Debian, Ununtu flawed for two years
By
Stewart Meagher
on May 21, 2008 11:36AM
A research posting to the Debian security list last week has led to the confirmation of a serious hole in two flavours of the Open Sauce Linux operating system.
Frederick Lee, a researcher at insecurity company Fortify, said that the flaw, which affects Ubuntu as well as Debian, had been "seriously underestimated " as it makes the Secure Sockets Layer (SSL) of the two Linux sustems vulnerable to malicious attack.
"We're calling this vulnerability 'insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.
Lee reckons that the flaw, which tinkers with the randomness engine used to encrypt secure transactions, could be used to intercept traffic between a user and supposedly secure connection between a user and, for example, an online banking site.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
Why efficient data sharing is vital for effective emergency management
Promoted Content
Why Australia’s governments need to expand their data boundaries
Promoted Content
Delivering customer-centric government
Partner Content
Deadline to enter 2021 IoT Awards extended
Sponsored Whitepapers
The ultimate guide to customer IAM
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
