sheepy.org - sheepy goings on...

  • blog
  • about
  • other
Home

security

Debian 'fixes' OpenSSL

cornet — Wed, 2008-05-14 03:51

So it would appear that Debian "fixed" a problem in OpenSSL a few years ago. Unfortunately this "fix" has meant that they have had to release this security announcement.

Now this vulnerability is quite bad, so much so that Debian have stated the following:

It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.

Ben Laurie has posted a great blog entry as to why this so stupid. This quote from that entry sums the problem up nicely:

Secondly, if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don’t understand.

  • debian
  • linux
  • security
  • cornet's blog
  • Add new comment

Hacking BT Home Hubs

cornet — Tue, 2008-01-15 12:29

So first we have the BT Voyger that gave out your username and password if you asked it nicely.

Then, yet again, BT ship a router which another flaw in it.

I've always had this gut feeling that UPnP was bad. It allows machines on your network to modify, for example, settings on your router without any authentication.

  • security
  • cornet's blog
  • Add new comment

Password Analysis

cornet — Wed, 2007-02-21 09:41

After a recent phishing scam, which resulted in someone gaining over 55,000 passwords for my space, someone has posted some analysis on the passwords.

See the results here

  • security
  • cornet's blog
  • Add new comment

Kernel Sorted

cornet — Mon, 2007-02-12 01:11

Upgrading my kernel to 2.6.18 appears to have fixed the issue I was having with aircrack.

Now just need to write a script to make things a bit easier.

  • linux
  • security
  • cornet's blog
  • Add new comment

Aircrack

cornet — Thu, 2007-02-08 01:57

Finally got a 1/2 decent wireless card that will do packet injection.

All I need to do is wait for my kernel to compile again to remove SMP support. At which point I can get on with this tutorial.

  • linux
  • security
  • cornet's blog
  • Add new comment
  • 1
  • 2
  • next ›
  • last »
Syndicate content

Syndicate

Syndicate content

Twitter Updates

    Follow me on Twitter

    Bookmarks

    Bytemark Hosting
    Ubuntu Logo Debian Powered

    • blog
    • about
    • other