On Sat, May 24, 2008 at 8:18 AM, Raul Limos <[EMAIL PROTECTED]> wrote: > Huge Hole in Open Source Software Found, Leaves Millions Vulnerable: > http://www.dailytech.com/article.aspx?newsid=11869
The news article is blowing the issue out of proportion. The problem only affects Debian systems and derivatives which use the vulnerable OpenSSL libraries. This means that keys generated from such systems are vulnerable and can be decrypted by brute force. This can potentially allow a hacker to listen in on encrypted sessions for https, ssh, vpn and other encrypted services that used keys or certificates derived from the vulnerable OpenSSL packages. However, a fix has been issued as soon as the problem was discovered. And and once keys have been regenerated and deployed the problem goes away. Holden _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
