Debian-based OpenSSL keys -- vulnerable to attack?
Roger Burton West
roger at firedrake.org
Thu May 22 09:07:40 BST 2008
On Wed, May 21, 2008 at 09:50:31PM -0700, Jonathan Lloyd wrote:
>I received a message from the Association for Computing and Machinery saying
>that any SSL key generated on a Debian system since May of 2006 could be
>vulnerable to attack. Seems kind of important -- assuming it is legitimate.
Well, that's more than a week late, and any admin who hasn't already
taken action really isn't doing his job... but why are you trusting
third parties when you should be subscribed to Bugtraq and/or the Debian
security update list?
More information about the london.pm