[Romanian].
.
..:
Saturday, May 24, 2008
.openssl.security.mayhem.
as you probably know already, there's been a security alert for openssl.
canonical:
”A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH.”
debian:
“It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.” (From the Debian Alert).
launchpad:
“You need to take action to continue using Launchpad features such as code hosting. We have deleted your SSH key from Launchpad because we have discovered a potential security vulnerability in the way your key was generated.”
also reported on _the_fridge_ for ubuntu (http://fridge.ubuntu.com/node/1445/).
right; how to fix this.
## update your system:
# install the security updates, i.e.:
feisty : openssh-client 1:4.3p2-8ubuntu1.3 openssh-server 1:4.3p2-8ubuntu1.3.
gutsy : openssh-client 1:4.6p1-5ubuntu0.3 openssh-server 1:4.6p1-5ubuntu0.3.
hardy : openssh-client 1:4.7p1-8ubuntu1.1 openssh-server 1:4.7p1-8ubuntu1.1.
## once the update is applied, weak user keys will be automatically rejected where possible.
# update openssh files.
that is, one shall check whether the key is affected by running the ssh-vulnkey tool (from the security update). (if in doubt, destroy that key and generate a new one.)
# to check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa || ~/.ssh/id_dsa || ~/.ssh/identity):
% ssh-vulnkey.
# to check all keys on your system:
% sudo ssh-vulnkey -a.
# to check a key in a non-standard location:
% ssh-vulnkey /path/to/key/.
if ssh-vulnkey says "COMPROMISED", the key is vulnerable and __should__ be replaced.
# regenerate any affected user keys openssh or, generate new keys using ssh-keygen, e.g.:
% ssh-keygen.
if necessary, update the files.
however, this situation occurred as the result of a programming bug, not as the result of making some weak key.
we all thank luciano bello, who discovered that the random number generator in deb's openssl package is predictable.
canonical:
”A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH.”
debian:
“It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.” (From the Debian Alert).
launchpad:
“You need to take action to continue using Launchpad features such as code hosting. We have deleted your SSH key from Launchpad because we have discovered a potential security vulnerability in the way your key was generated.”
also reported on _the_fridge_ for ubuntu (http://fridge.ubuntu.com/node/1445/).
right; how to fix this.
## update your system:
# install the security updates, i.e.:
feisty : openssh-client 1:4.3p2-8ubuntu1.3 openssh-server 1:4.3p2-8ubuntu1.3.
gutsy : openssh-client 1:4.6p1-5ubuntu0.3 openssh-server 1:4.6p1-5ubuntu0.3.
hardy : openssh-client 1:4.7p1-8ubuntu1.1 openssh-server 1:4.7p1-8ubuntu1.1.
## once the update is applied, weak user keys will be automatically rejected where possible.
# update openssh
that is, one shall check whether the key is affected by running the ssh-vulnkey tool (from the security update). (if in doubt, destroy that key and generate a new one.)
# to check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa || ~/.ssh/id_dsa || ~/.ssh/identity):
% ssh-vulnkey.
# to check all keys on your system:
% sudo ssh-vulnkey -a.
# to check a key in a non-standard location:
% ssh-vulnkey /path/to/key/.
if ssh-vulnkey says "COMPROMISED", the key is vulnerable and __should__ be replaced.
# regenerate any affected user keys openssh or, generate new keys using ssh-keygen, e.g.:
% ssh-keygen.
if necessary, update the
however, this situation occurred as the result of a programming bug, not as the result of making some weak key.
we all thank luciano bello, who discovered that the random number generator in deb's openssl package is predictable.
.
..:
Tuesday, May 20, 2008
Thursday, May 8, 2008
.ubuntu 8.04 release party - la final.
Totul a mers foarte bine: prezentarea (Adi și Jani), poster-ele și sticker-ele, iar apoi, ca de obicei - bere, geek talks și multă voie bună.
Pozele sunt aici:
Stas
Softwareliber.ro
. ..:
Tuesday, May 6, 2008
.ubuntu community council meeting.
The next meeting is scheduled for 6-May-2008, 21:00 UTC and and will be held in #ubuntu-meeting on irc.freenode.net.
Don't miss it.
Don't miss it.
.
..:
Saturday, May 3, 2008
.ubuntu 8.04 release party - 7 mai, cluj-napoca.
Grupul pentru Software Liber din Cluj-Napoca va organiza o petrecere de lansare a noii versiuni Ubuntu și KiwiLinux.
Evenimentul se va desfășura în incinta barului 420 (Strada Avram Iancu nr. 1, intersecția cu Strada Republicii), începând cu ora 7:00 PM (19:00). Cadrul de desfășurare va fi unul mai puțin formal.
Va avea loc o scurtă prezentare a noilor caracteristici Ubuntu și KiwiLinux 8.04, iar apoi vom da frâu liber discuțiilor, alături de un suc sau de o bere. La petrecere se vor împărți postere și autocoloante cu Ubuntu și KiwiLinux.
_Nu_ este nevoie de înregistrare/rezervare/taxă.de.intrare. Absolut toată lumea este invitată să participe alături de noi!
Vă așteptăm!
GSL, Cluj-Napoca.
Evenimentul se va desfășura în incinta barului 420 (Strada Avram Iancu nr. 1, intersecția cu Strada Republicii), începând cu ora 7:00 PM (19:00). Cadrul de desfășurare va fi unul mai puțin formal.
Va avea loc o scurtă prezentare a noilor caracteristici Ubuntu și KiwiLinux 8.04, iar apoi vom da frâu liber discuțiilor, alături de un suc sau de o bere. La petrecere se vor împărți postere și autocoloante cu Ubuntu și KiwiLinux.
_Nu_ este nevoie de înregistrare/rezervare/taxă.de.intrare. Absolut toată lumea este invitată să participe alături de noi!
Vă așteptăm!
GSL, Cluj-Napoca.
.
..:
Subscribe to:
Posts (Atom)
Posts
All Comments
; about::fdd.
- ionuț jula
- twin peaks, 42 milky way, sol system, earth, United States
- -----BEGIN GEEK CODE BLOCK----- GCS/E/IT/L/M/MU/P/S/TW/ dpu s:- a-- C++++(+++) UBHLSV++++ P---(P-) L+++++ E++(+++) W+++ N++++ o+++ K++++++ w O+ M-- V-- PS+++ PE/++ Y+++ PGP++++ t+++/* 5++>++++ X++++ R++@ !tv b++++ DI+++@ D++(+++) G+++++ e* h+>++ !r y**. ma+ k++ F3 X+++ ------END GEEK CODE BLOCK------
![Creative Commons Licence [Some Rights Reserved]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sJradSHXXKucv2_xd5IfiAQGBckIDtY1H-Zg1GaVHbIz23aa_VRFnVbDe3ztQc53B0iIhOp3MSiEFvzufFkXMMERy3IA0ey9dOKECAQ-192wu9WjHW=s0-d)