security
Debian 'fixes' OpenSSL
cornet — Wed, 2008-05-14 03:51
So it would appear that Debian "fixed" a problem in OpenSSL a few years ago. Unfortunately this "fix" has meant that they have had to release this security announcement.
Now this vulnerability is quite bad, so much so that Debian have stated the following:
It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
Ben Laurie has posted a great blog entry as to why this so stupid. This quote from that entry sums the problem up nicely:
Secondly, if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don’t understand.
Hacking BT Home Hubs
cornet — Tue, 2008-01-15 12:29
So first we have the BT Voyger that gave out your username and password if you asked it nicely.
Then, yet again, BT ship a router which another flaw in it.
I've always had this gut feeling that UPnP was bad. It allows machines on your network to modify, for example, settings on your router without any authentication.
Password Analysis
cornet — Wed, 2007-02-21 09:41
After a recent phishing scam, which resulted in someone gaining over 55,000 passwords for my space, someone has posted some analysis on the passwords.
See the results here
Kernel Sorted
cornet — Mon, 2007-02-12 01:11
Upgrading my kernel to 2.6.18 appears to have fixed the issue I was having with aircrack.
Now just need to write a script to make things a bit easier.
