BusinessGreen > News > Hacking

Critical Linux vulnerability exposed

Debian and Ubuntu affected by 'insecure randomness' flaw

Clement James, vnunet.com, 21 May 2008

Ubuntu is among the affected Linux distributions

Security experts have warned of a suspected vulnerability in the Debian and Ubuntu Linux operating systems.

Fortify Software confirmed the findings of a posting to the Debian security list last week, which detailed a critical vulnerability in the Open Secure Sockets Layer (SSL) packages within Debian and Ubuntu.

Fredrick Lee, a researcher at Fortify, claimed that the posting actually understates the potential seriousness of the flaw.

"We are calling this vulnerability 'insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.

Lee explained that a malicious user could intercept an ostensibly secure online banking session between a customer and their bank.

"What's worse is that our researchers calculate this flaw has been available to hackers for more than two years," he said.

The problem stems from a bug fix issued by Debian programmers that effectively "emasculates" the randomness engine required to ensure true security within the SSL module.

"Had we been contacted as part of the release strategy, as a number of other developers do, the flaw would have been immediately identified by our research team before the insecure update was released to the public," said Lee.

Permalink Comments Forward Print

digg del.icio.us reddit!

related content

Linux

Open source security improving rapidly

Two-year quality analysis studied 250 popular applications 20 May 2008

One Laptop per Child

OLPC Sugar software goes independent

Walter Bender launches Sugar Labs 19 May 2008

Linux

Asus to offer Linux on all motherboards

Taiwanese manufacturer will embed open source OS across entire range 16 May 2008

OpenSuse joins Google Summer of Code

Novell-sponsored open source project gets 10 slots 16 May 2008

Linux

Debian flaw exposes communications breakdown

A wake up call for open source developers, Gartner warns 28 May 2008

Ubuntu gets major security fix

Update patches kernel flaws 26 Aug 2008

Computer theft

Security expert slams PCI auditing

PCI compliance does not guarantee security 04 Apr 2008

Kaminsky delivers DNS dirt

Researcher explains risks behind flaw 07 Aug 2008

Mozilla takes second shot at Firefox flaw

Company issues new update for QuickTime vulnerability 20 Sep 2007

Solar panels

Solar industry slams "patently false" claims of century-long pay back periods

Report claiming solar panels take over 100 years to recoup their value is just plain wrong, say manufacturers 05 Sep 2008

Honda hybrid

Honda escalates hybrid price war

New hybrid hatchback designed to make dual-drive vehicles more affordable 05 Sep 2008

John McCain

McCain attacks Obama over opposition to nuclear power and oil drilling

Republican attempts to highlight differences over energy policy as both candidates pledge to deliver US energy independence 05 Sep 2008

latest in-depth

Taking Green Initiatives to the Next Level

Once your company has gathered up all the low-hanging fruit, what comes next? Sarah Fister Gale finds that the answer lies in everything from multi-million dollar energy efficiency programmes to printers powered by exercise bikes 03 Sep 2008

Airship

Airships float back to the future

Slow journey times mean airships are highly unlikely to replace passenger jets, but, as Danny Bradbury discovers, a flotilla of new companies are convinced that low-fuel costs mean the old-fashioned aircraft could have huge appeal to freight operators 02 Sep 2008

Oil refinery

Shell slammed over "puzzling" tar sands claims

Recent claims from the oil giant's chief executive suggesting tar sand extraction is required to slow the shift to coal may have caught the eye, but as BusinessGreen.com discovers they do not make much sense 28 Aug 2008

More in-depth

what do you think?

Post your comment

Send an email to the Business Green editor at feedback@businessgreen.com

Reader comments for this story

Post your comment What is this?

advertisement

advertisement

The Carbon Trust

The Carbon Trust provides a raft of best practice guidance, tips and services for businesses and public sector organisations looking to cut their carbon footprint

The Department for Environment, Food and Rural Affairs (DEFRA) website provides information on all the government's environmental policies and regulations

Take part in the green debate

Electric car charging

Electric cars - any good?

Share your experiences of buying and using environmentally friendly vehicles 02 Oct 2007

pound coins

Efficiency and finance

Talk about the bottom-line implications of adopting more sustainable business models 02 Oct 2007

Green button labelled opportunity

Building a greener business

Discuss the steps firms are taking to control and reduce their environmental impact 02 Oct 2007

The Week in Green: Gordon Brown and some unfinished sympathy

I've been feeling a bit sorry for Gordon Brown. I know that as admissions go this is pretty much on a par with confessing to a penchant for the hits... 05 Sep 2008

ExxonMobil, Nick Leeson, and the dilemma of relative terms

The problem with the word "cleanest" is that its definition entirely relative. If you were to look at the criminal records of Reggie Kray, Ronnie Biggs and Nick Leeson I'd... 05 Sep 2008

More from this blog

Your views on the news

180,000 E.On business customers to face energy price hike

Comment: Businesses are being put at risk by big 6

It now seems that with all of the big 6 major electricity suppliers announcing significant price hikes - it will most definately have a knock-on effect upon businesses. I recently read about small businesses are being...

Are energy utilities "doing an IBM" by ignoring solar opportunity?

Comment: Good find!

Yes it seems to be true. They are following IBM path. Sad indeed! www.its2hot.in - A2Z of Environmental Discussion

Read all the latest reader comments

advertisement

advertisement

advertisement