Debian-based OpenSSL keys -- vulnerable to attack?
Toby Corkindale
tjc at wintrmute.net
Thu May 22 06:05:38 BST 2008
On Wed, May 21, 2008 at 09:50:31PM -0700, Jonathan Lloyd wrote:
> I received a message from the Association for Computing and Machinery saying
> that any SSL key generated on a Debian system since May of 2006 could be
> vulnerable to attack. Seems kind of important -- assuming it is legitimate.
>
>
> - http://www.technologyreview.com/Infotech/20801/
> - http://blogs.zdnet.com/security/?p=1102
It's legitimate:
http://article.gmane.org/gmane.linux.debian.security.announce/1614
http://xkcd.com/424/
Debian screwed up badly.
Toby
More information about the london.pm
mailing list