Debian Linux ‘Major security flaw’
p2pnet news | Open Source:- Debian GNU/Linux’s implementation of the Secure Sockets Layer communications protocol “made it easy for attackers to discover encryption keys,” says the Gartner group.
Debian uses the open source OpenSSL version of Secure Sockets Layer, and the ‘glitch’ was caused by Debian developers implementing “changes to OpenSSL to fix a memory leak without first consulting the OpenSSL development community,” states InformationWeek.
“The Debian ‘fix’ resulted in a serious weakness in the OpenSSL random number generator,” according to the researchers, says the story, going on:
“Gartner said the Debian organization was unresponsive to its attempts to contact it about the issue,” but “Debian has issued a patch to fix the problem,” says the story, adding that Gartner is advising businesses which use Debian GNU/Linux “to implement the patch and regenerate all cryptographic keys generated by Debian OpenSSL versions beginning with 0.9.8c-1”.
InformationWeek – Debian Linux Suffers From ‘Major Security Flaw,’ Gartner Warns, May 28, 2008

May 29th, 2008 at 3:19 pm
This happens several times a week with Microsoft/Apple (and they take longer to release patches).
But it does highlight why you should not use automated code security tools which fixed the code by removing randomness when it was actually needed.
It also shows that you should pass code patches up the chain as this would have caught the problem and after the real ssl team had a good lol moment seeing this patch they would have told the author of this patch why.
May 29th, 2008 at 9:17 pm
old, very old…