Huge Hole in Open Source Software Found, Leaves Millions Vulnerable


posted on May, 25 2008 @ 02:25 AM

It is incredible just how big the effects of the newly discovered error in open source key generation are.

A security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.

A simple programming error reduced the entropy in the generated program keys created by the OpenSSL library. Why does this matter? The OpenSSL library's key generation and other routines are used by the SSH remote access program, the IPsec Virtual Private Network (VPN), the Apache Web server, secure email clients, programs that offer secure internet portals and more.

Just two lines of code created crippling security holes in four different open source operating systems, 25 application programs, and millions of internet-attached computer systems. The vulnerability was publicly discovered for the first time May 13, after having left the door open nearly two years. A patch has been distributed, but that can do nothing to repair the damage that has occurred to compromise systems. Worse yet, it appears that through the installation of compromised keys on other systems, numerous systems not even running the code have likely been compromised.


Debian, the Linux variant used largely by security professionals, and Ubuntu, the variant most commonly used by home users, are both affected. Furthermore, Windows servers may be compromised as well if they are using keys generated on Linux systems.

Unless you are running Debian or Ubuntu, you probably have little to worry about. To a large extent, servers will be most affected by this. I doubt the average person would ever even know this had happened.

On a side note, anyone else ever feel that one day our technology is going to be our downfall? I swear, the more dependent upon technology we become, the more vulnerable we are.

I'll stop now before I go off on a total tangent....

EDIT to add source link.

[edit on 25-5-2008 by SystemiK]
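
The post's point that weak keys endanger systems that never ran the flawed code can be shown with a toy model of a low-entropy key generator and an audit of installed keys. This is an added example, not part of the original post and not OpenSSL's code; the generator, the 2^15 seed space and the sample key names are constructed assumptions.

```python
import hashlib
import os

# Assumed size of the crippled seed space (toy figure, not taken from the post).
SEED_SPACE = 2 ** 15

def weak_keygen(seed: int) -> bytes:
    """Toy stand-in for key generation whose only entropy is a small integer seed."""
    return hashlib.sha256(b"toy-keygen:" + seed.to_bytes(4, "big")).digest()

def fingerprint(key: bytes) -> str:
    """Short identifier for a key, in the form a blocklist would store."""
    return hashlib.sha256(key).hexdigest()[:20]

def build_blocklist() -> frozenset:
    """Fingerprints of every key the weak generator can ever emit.

    With so little entropy the whole key space is small enough to precompute.
    """
    return frozenset(fingerprint(weak_keygen(s)) for s in range(SEED_SPACE))

def audit(installed: dict, blocklist: frozenset) -> list:
    """Return the names of installed keys that the weak generator could have produced."""
    return sorted(name for name, key in installed.items()
                  if fingerprint(key) in blocklist)

# Constructed sample: keys installed on a host that never ran the flawed code.
SAMPLE_KEYS = {
    "alice@laptop": weak_keygen(4242),   # generated on an affected machine
    "bob@desktop": weak_keygen(31999),   # generated on an affected machine
    "carol@server": os.urandom(32),      # generated with full entropy
}

if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"{len(blocklist)} possible weak keys")
    for name in audit(SAMPLE_KEYS, blocklist):
        print("replace key:", name)
```

Patching the generator does not change the audit result: the flagged keys stay weak until they are regenerated and removed from every host that trusts them.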

posted on May, 25 2008 @ 04:07 AM
Oh man, I'm on Ubuntu at the moment. I really need to get this fix. Thanks for the heads up.
