NEWSFLASH: Debian and Ubuntu SSH and SLL bug leaves servers vulnerable

A serious bug in Debian's random number generator has been patched overnight. We cover the bug - and the fix - in a special edition of our Risky Business podcast.

Newsflash at 4pm on Wednesday May 14. This is a Risky Business special broadcast -- we have broken our regular programming schedule to bring you this special report. Download it from:

 Most listeners would be aware that a serious bug in Debian's random number generator has been patched overnight. Unfortunately, all keys generated by Debian systems (and by the looks of things Ubuntu systems as well) are completely useless and need to be regenerated.

That means you SSH and SSL content encryption AND authentication has been rendered ineffective. Not only are your server generated keypairs ineffective, any user-generated keypair made with a Debian or Ubuntu box and accepted by an SSH server is vulnerable.

H D Moore is currently working on what sounds like a rainbow table-style attack which will allow him to brute force authentication over SSH in 2.5 to 6 hours. Because of the rainbow table nature of the attack, it also means he can decode intercepted packets in a matter of seconds.

Read more on Security policy and user awareness

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.