BusinessGreen > News > Hacking

Critical Linux vulnerability exposed

Debian and Ubuntu affected by 'insecure randomness' flaw

Clement James, vnunet.com, 21 May 2008

Ubuntu is among the affected Linux distributions

Security experts have warned of a suspected vulnerability in the Debian and Ubuntu Linux operating systems.

Fortify Software confirmed the findings of a posting to the Debian security list last week, which detailed a critical vulnerability in the Open Secure Sockets Layer (SSL) packages within Debian and Ubuntu.

Fredrick Lee, a researcher at Fortify, claimed that the posting actually understates the potential seriousness of the flaw.

"We are calling this vulnerability 'insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.

Lee explained that a malicious user could intercept an ostensibly secure online banking session between a customer and their bank.

"What's worse is that our researchers calculate this flaw has been available to hackers for more than two years," he said.

The problem stems from a bug fix issued by Debian programmers that effectively "emasculates" the randomness engine required to ensure true security within the SSL module.

"Had we been contacted as part of the release strategy, as a number of other developers do, the flaw would have been immediately identified by our research team before the insecure update was released to the public," said Lee.

Permalink Comments Forward Print

digg del.icio.us reddit!

related content

Linux

Open source security improving rapidly

Two-year quality analysis studied 250 popular applications 20 May 2008

One Laptop per Child

OLPC Sugar software goes independent

Walter Bender launches Sugar Labs 19 May 2008

Linux

Asus to offer Linux on all motherboards

Taiwanese manufacturer will embed open source OS across entire range 16 May 2008

OpenSuse joins Google Summer of Code

Novell-sponsored open source project gets 10 slots 16 May 2008

Linux

Debian flaw exposes communications breakdown

A wake up call for open source developers, Gartner warns 28 May 2008

Computer theft

Security expert slams PCI auditing

PCI compliance does not guarantee security 04 Apr 2008

Sun patches 'critical' Java flaws

Problems with JDK, JRE and SDK 05 Oct 2007

Data security

Enterprise Security Technology

US security blunder exposes residents' data

Oklahoma leaves sensitive information in public domain for three years 22 Apr 2008

Hacking

Enterprise Security Technology

Researchers warn of serious Windows flaw

Vulnerability confirmed in Windows 2000, but could also be present in XP 13 Nov 2007

Sydney

Environment minister attends Sydney conference virtually

Phil Woolas practices what he preaches 23 Jul 2008

Capitol building

Oil baron predicts prices could hit $300 a barrel

T Boone Pickens urges Senate to embrace plan to generate more than a fifth of US energy from wind 23 Jul 2008

Cornfield

Tesco turns to straw power

New Combined Heat and Power plant to provide carbon netural energy to distribution centre 23 Jul 2008

latest in-depth

Paul Thomas

It's always good to talk

When faced with NGO criticism over their environmental performance, many firms simply batten down the hatches. But, as Paul Thomas argues, communicating with your detractors represents the best means of minimising brand damage 23 Jul 2008

money in a briefcase

How to talk to the money men

Tom Whitehouse, chief executive of green PR consultancy Carbon International, offers tips on how green business startups can best attract investment 21 Jul 2008

Navigating the wilderness of green business certifications

Every business seems to want a green label or quality mark, but with so many certification schemes now available which one should they choose? Tilde Herrera investigates 18 Jul 2008

More in-depth

what do you think?

Post your comment

Send an email to the Business Green editor at feedback@businessgreen.com

Reader comments for this story

Post your comment What is this?

advertisement

advertisement

The Carbon Trust

The Carbon Trust provides a raft of best practice guidance, tips and services for businesses and public sector organisations looking to cut their carbon footprint

The Department for Environment, Food and Rural Affairs (DEFRA) website provides information on all the government's environmental policies and regulations

Take part in the green debate

Electric car charging

Electric cars - any good?

Share your experiences of buying and using environmentally friendly vehicles 02 Oct 2007

pound coins

Efficiency and finance

Talk about the bottom-line implications of adopting more sustainable business models 02 Oct 2007

Green button labelled opportunity

Building a greener business

Discuss the steps firms are taking to control and reduce their environmental impact 02 Oct 2007

The Week in Green: why it's time to look behind the green labels

Gold is better than bronze, right? Well, not always. Under proposals set out this week by Ofgem and designed to slap gold, silver or bronze labels on energy companies' various green energy tariffs, some firms could...

18 Jul 2008

When will green businesses find their voice?

Today's sadly inevitable decision to delay the planned increase in fuel duty met with an equally inevitable chorus of crowing from motoring groups. "Good," said the seemingly endless battalion of associations, lobbyists and trade groups who...

16 Jul 2008

More from this blog

Your views on the news

How carbon heavy is your email?

Comment: Carbon footprint of email

It is extremely important that companies like Sun carry out and/or support peer reviewed analysis of the amount of energy that is consumed and the volume of greenhouse gasses that are emitted by IT. We may...

Gore outlines vision for a fossil fuel free future

Comment: Here He Goes Again

Typical Al Gore. Always late to the party, but pretends to be the host.

Read all the latest reader comments

advertisement

advertisement

advertisement