NEWSFLASH: Debian and Ubuntu SSH and SLL bug leaves servers vulnerable

A serious bug in Debian's random number generator has been patched overnight. We cover the bug - and the fix - in a special edition of our Risky Business podcast.

Newsflash at 4pm on Wednesday May 14. This is a Risky Business special broadcast -- we have broken our regular programming schedule to bring you this special report. Download it from: 

http://itradio.com.au/security/

 Most listeners would be aware that a serious bug in Debian's random number generator has been patched overnight. Unfortunately, all keys generated by Debian systems (and by the looks of things Ubuntu systems as well) are completely useless and need to be regenerated.

That means you SSH and SSL content encryption AND authentication has been rendered ineffective. Not only are your server generated keypairs ineffective, any user-generated keypair made with a Debian or Ubuntu box and accepted by an SSH server is vulnerable.

H D Moore is currently working on what sounds like a rainbow table-style attack which will allow him to brute force authentication over SSH in 2.5 to 6 hours. Because of the rainbow table nature of the attack, it also means he can decode intercepted packets in a matter of seconds.

Dig deeper on Operating system security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

-ADS BY GOOGLE

SearchStorage.com.au

SearchCIO.com.au

SearchFinancialSecurity

SearchMidmarketSecurity

SearchSecurityChannel

Close