-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 25/06/13 22:27, Eugen Leitl wrote:
> A Taste of Salt: Like Puppet, Except It Doesn’t Suck Except that their crypto does.. http://docs.saltstack.com/topics/releases/0.15.1.html#rsa-key-generation-fault CVE-2013-2228. https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc # tarcieri commented on 5dd3042 # # I think the larger question here is: why aren't you using TLS? # # I will warn you in advance that "because we're using ZeroMQ" is # a silly answer. This is at least the third vulnerability that has # been found in your homebrew transport encryption, after the lack # of a MAC and a timing attack. I hope you now realize that # homebrewing your own transport encryption is a bad idea and you # should seriously consider switching to TLS at this point to avoid # future attacks. - -- Christopher Samuel Senior Systems Administrator VLSCI - Victorian Life Sciences Computation Initiative Email: [email protected] Phone: +61 (0)3 903 55545 http://www.vlsci.org.au/ http://twitter.com/vlsci -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHQ+V0ACgkQO2KABBYQAh9zjgCfTblwfHPeQAMhJqS3OL6VvrYB LBgAni/QbwABsv5czXK9kOq1wPzwaBsp =wNaE -----END PGP SIGNATURE----- _______________________________________________ Beowulf mailing list, [email protected] sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
