Forum     

Go Back   Digit Technology Discussion Forum > Software > Open Source
Debian, Ubuntu SSH Under Attack!fix yours! Debian, Ubuntu SSH Under Attack!fix yours!
Register FAQ Calendar Mark Forums Read

Open Source A place where you can talk to like-minded people about the fastest growing software movement today! Discuss anything and everything about Open Source software and Operating Systems.


Closed Thread
 
LinkBack Thread Tools Display Modes
Old 17-05-2008, 11:56 PM   #1 (permalink)
left this forum longback
 
praka123's Avatar
 
Join Date: Sep 2005
Location: -
Posts: 7,536
Post Debian, Ubuntu SSH Under Attack!fix yours!

Quote:
Debian, Ubuntu SSH Under Attack
 Flaw in an SSL package has led to an Internet security storm surge.



May 15, 2008
By Sean Michael Kerner: More stories by this author:

OpenSSH (define) is one of the most common mechanisms in use for providing secure remote access to servers. A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet.
The Internet Storm Center (ISC) at SANS is raising the alarm on the issue with a yellow alert on the flaw. According to ISC handler Bojan Zdrnja, the development of automated scripts exploiting key based SSH authentication looks like a real threat to SSH servers around the world. In a blog post, Zdrnja argued that public keys generated on any Debian based machine between September 2006 and 13th of May 2008 are vulnerable.



"It is obvious that this is highly critical -- if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time)," Zdrnja wrote. "In other words, those secure systems can be very easily brute forced."



Security researcher HD Moore, leaders of the Metasploit security effort has gone a step further, explaining in a public post how he was able to brute force 1024, 2048 and 4096-bit keys. The flaw itself exists in a Debian-specific version of the OpenSSL package, which generates the keys that are used in OpenSSH. Even though OpenSSL is widely used by other Linux distributions, it is not necessarily at risk according to Moore.


"The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue."



"It's obviously a very significant issue being a remote exploit," Canonical CEO Mark Shuttleworth told
read more here:
http://www.internetnews.com/security...der+Attack.htm

Debian and Ubuntu Users: Fix Your Keys
__________________
left this forum long back.Admin Can Delete this Account and posts Permanantly.Thank You
Get GNU/Linux - http://getgnulinux.org
praka123 is offline  
Advertisements. Register and be a member of the community to get rid of them.
Advertisement

Old 18-05-2008, 11:44 AM   #2 (permalink)
in search of myself
 
CadCrazy's Avatar
 
Join Date: Sep 2006
Location: Gurgaon
Posts: 1,720
Default Re: Debian, Ubuntu SSH Under Attack!fix yours!
http://www.thinkdigit.com/forum/showthread.php?t=87864
__________________
::::::::::::::::::::
Unban Praka123
::::::::::::::::::::
Vista is my Secretary | Mac is my Girlfriend | Linux is my Wife
"Ek Se Mera Kya Hoga" :lol:
CadCrazy is offline  
Closed Thread

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian and Ubuntu ... What am I missing? FilledVoid Open Source 18 15-12-2007 07:26 PM
Debian as a desktop system-A good alternative to Ubuntu praka123 Open Source 2 22-06-2007 01:15 PM
FSF debuts fully-free Ubuntu/Debian variant praka123 Open Source 30 14-11-2006 12:54 PM

 
Latest Threads
the FOOTBALL channel
- by Arsenal_Gunners
Happy Birthday to MetalheadGautham and others..
- by thetechfreak
Official Android discussion thread
- by amitabhishek
Windows 8 Thread.
- by Sujeet
Your Gaming Backlog/Progress Report!
- by Ethan_Hunt
I am getting a stdole2.tlb error
- by soumya
Battlefield 3 discussion!
- by cyborg47
Sony announces the water-proof Xperia go and Xperia acro S
- by clmlbx
Battlefield 3 Multiplayer Discussion
- by Charan
Kingdom of Amalur: Reckoning discussion
- by vamsi_krishna

Advertisement




All times are GMT +5.5. The time now is 01:24 PM.

Contact Us - Thinkdigit.com - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2012, vBulletin Solutions, Inc.

Search Engine Optimization by vBSEO 3.3.2