Yesterday Debian issued a security advisory regarding their ssh package. The key generator for openssl keys (affecting ssh, vpns, and certs) has been non random since 2006 (more details here: http://it.slashdot.org/it/08/05/13/1533212.shtml)
If you are running any Ubuntu or Debian systems, make sure you upgrade
packages (the fixes hit the package repositories yesterday afternoon)
otherwise ssh is pretty much just telnet. Ubuntu will regenerate your
host keys for you, and give you other appropriate warnings, things are
more manual on the Debian front (I experienced it first hand on both
systems yesterday.)
-Sean
--
__________________________________________________________________
Sean Dague Mid-Hudson Valley
sean at dague dot net Linux Users Group
http://dague.net http://mhvlug.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
signature.asc
Description: Digital signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Jun 4 - Sqeak! and eToys Jul 2 - KVM (Tenative) Aug 6 - Zenos Sep 3 - TBD
