| Thread ID: 89843 | 2008-05-13 23:14:00 | Security flaw in OpenSSL/libssl/libcrypto | Erayd (23) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 669151 | 2008-05-13 23:14:00 | Note to anyone using Debian, or a Debian derivative such as Ubuntu: www.debian.org |
Erayd (23) | ||
| 669152 | 2008-05-16 10:21:00 | Looks like the main NZ mirror for debian isn't receiving push updates properly - it's still carrying the old, vulnerable packages. I strongly recommend anyone using this mirror for updates pull at least openssl, libssl & libcrypto from another mirror (mirror.pacific.net.au is a good one) - the correct version is 0.9.8g-10. Any version lower than 0.9.8g-9 is vulnerable - ftp.nz.debian.org is currently carrying 0.9.8g-8. Note that just upgrading isn't enough - you will also need to regenerate any keys you have (including sshd host keys). |
Erayd (23) | ||
| 669153 | 2008-05-16 11:19:00 | Quite serious all this stuff. INFOCON is on yellow alert after years. |
beeswax34 (63) | ||
| 669154 | 2008-05-18 06:20:00 | There is now a working exploit (www.securityfocus.com) for this, capable of gaining full access in under 20 mins. As an aside, I'm quite surprised at just how little interest there's been in this thread... |
Erayd (23) | ||
| 669155 | 2008-05-18 08:40:00 | Well it had to happen - I've got nothing against anyone who uses Linux, Hell I use it all the time to rescue data from broken Windows installs. BUT in these times no one, no matter what OS is used, can afford to bury their head in the sand and think they are safe from hackers, or other nasties. Sooner or later they will get bitten in the Butt. (esp if you have your head down Ar*e up in the sand :lol: ) As soon as these people get sick and tired of damaging Windows - it's what's next for a thrill ?? |
wainuitech (129) | ||
| 669156 | 2008-05-18 09:02:00 | "As an aside, I'm quite surprised at just how little interest there's been in this thread..." Because most of the users here are home desktop users and your comments/warning probably make little sense to them. Yes there is a major flaw in the mentioned Debian based packages, but what does that mean to the home user? Good on Debian for producing a patch quickly. Good on Fedora for not having that flaw. :p |
Jen (38) | ||
| 669157 | 2008-05-18 09:25:00 | "Because most of the users here are home desktop users and your comments/warning probably make little sense to them. Yes there is a major flaw in the mentioned Debian based packages, but what does that mean to the home user? Good on Debian for producing a patch quickly. Good on Fedora for not having that flaw. :p" Good on my O/S because it works for me. Windows Vista Ultimate x64. There are a number of people here who would say that I have the wrong choice of O/S and may try to lead me to Linux. I have tried various versions but I will not be productive. |
Sweep (90) | ||
| 669158 | 2008-05-18 09:32:00 | This came through a few days ago when it was made public, the guys physically managing our server in Auckland just said to regenerate any SSH keys because of this. "As soon as these people get sick and tired of damaging Windows - it's what's next for a thrill ??" I've never agreed with this argument, for years *nix has been the OS with the most worth for finding braggable vulnerabilities because of the security often touted over Windows. It's not like all hackers have collectively ignored any OS that isn't Windows, it's still largely because Windows isn't as secure (and don't read that as *nix is indefinitely secure, I'm not that stupid). |
sal (67) | ||
| 669159 | 2008-05-18 09:54:00 | "Good on Fedora for not having that flaw. :p" Indeed..... almost an incentive to switch to Slackware! :rolleyes: "I've never agreed with this argument, for years *nix has been the OS with the most worth for finding braggable vulnerabilities because of the security often touted over Windows. It's not like all hackers have collectively ignored any OS that isn't Windows, it's still largely because Windows isn't as secure (and don't read that as *nix is indefinitely secure, I'm not that stupid)." Ditto. But I don't trust any software unreservedly, that's precisely why I keep an eye on security news. Although this one didn't take much finding, it hit the front page of Slashdot, xkcd, and a zillion & one blogs. |
Erayd (23) | ||
| 669160 | 2008-05-18 12:01:00 | Haha, the guy who runs xkcd had trouble uploading the new cartoons because his SSH keys didn't match the new ones generated by his server or something. Owned. |
beeswax34 (63) | ||