Tools Already Circulating to Crack Debian, Ubuntu SSH/SSL Keys
Gregg Keizer writes on ComputerWorld:
A recently disclosed vulnerability in widely used Linux distributions can be exploited by attackers to guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information, a noted security researcher said today.More here.
HD Moore, best known as the exploit researcher who created the Metasploit penetration testing framework, called the vulnerability in Debian and Ubuntu systems "ugly" and said it will be a big job for administrators to find every flawed key, then reissue them.
The bug, noted Tuesday by the Debian Project, is in the random number generator used to produce a variety of digital keys, including SSH (Secure Shell) keys and SSL (Secure Socket Layer) certificates. The latter are widely used to secure traffic between users and secure sites on the Internet.
According to Moore, the bug makes it relatively easy to "guess" keys. In a blog post yesterday, Moore claimed he was able to generate 1024- and 2048-bit keys in about two hours.
0 Comments:
Post a Comment
<< Home