Archive for the ‘Millions’ Category
DailyTech – Huge Hole in Open Source Software Found, Leaves Millions Vulnerable
Posted on: May 23, 2008
- In: - | DailyTech | Found | Hole | Huge | in | Leaves | Millions | Open Source | Software | Vulnerable
- Leave a Comment
It is incredible just how big the effects of the newly discovered error in open source key generation is
For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.
Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.
A simple programming error reduced the entropy in the generated program keys created by the OpenSSL library. Why does this matter? The OpenSSL library’s key generation and other routines are used by the SSH remote access program, the IPsec Virtual Private Network (VPN), the Apache Web server, secure email clients, programs that offer secure internet portals and more.
Just two lines of code created crippling security holes in four different open source operating systems, 25 application programs, and millions of internet-attached computer systems. The vulnerability was publicly discovered for the first time May 13, after having left the door open nearly two years. A patch has been distributed, but that can do nothing to repair the damage that has occurred to compromise systems. Worse yet, it appears that through the installation of compromised keys on other systems, numerous systems not even running the code have likely been compromised.
To understand the error fully, a basic discussion on cryptography is essential. On a network anyone can peek at traffic, which is bad news for anyone sharing personal information. However, by using keys, information can be encrypted and then decrypted on the other side by a friendly computer with the proper key. As a “secure key” is typically 128 bits, which is 2128 or about 3.4*1038, the possibility of breaking the key by merely by a brute force attack is out of the realm of modern computing power. A brute force attack simply involves guessing every single number, but to try to do this on a number of this size would take many years.
DailyTech – Huge Hole in Open Source Software Found, Leaves Millions Vulnerable
Posted on: May 23, 2008
- In: - | DailyTech | Found | Hole | Huge | in | Leaves | Millions | Open Source | Software | Vulnerable
- Leave a Comment
It is incredible just how big the effects of the newly discovered error in open source key generation is
For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.
Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.
A simple programming error reduced the entropy in the generated program keys created by the OpenSSL library. Why does this matter? The OpenSSL library’s key generation and other routines are used by the SSH remote access program, the IPsec Virtual Private Network (VPN), the Apache Web server, secure email clients, programs that offer secure internet portals and more.
Just two lines of code created crippling security holes in four different open source operating systems, 25 application programs, and millions of internet-attached computer systems. The vulnerability was publicly discovered for the first time May 13, after having left the door open nearly two years. A patch has been distributed, but that can do nothing to repair the damage that has occurred to compromise systems. Worse yet, it appears that through the installation of compromised keys on other systems, numerous systems not even running the code have likely been compromised.
To understand the error fully, a basic discussion on cryptography is essential. On a network anyone can peek at traffic, which is bad news for anyone sharing personal information. However, by using keys, information can be encrypted and then decrypted on the other side by a friendly computer with the proper key. As a “secure key” is typically 128 bits, which is 2128 or about 3.4*1038, the possibility of breaking the key by merely by a brute force attack is out of the realm of modern computing power. A brute force attack simply involves guessing every single number, but to try to do this on a number of this size would take many years.
Well they must not be paying her by the word: Miley Cyrus just inked a deal to write her *choke, gag* memoirs – for what’s being called a “seven-figure” deal.
15-year-old Miley will recount the portion of her life for which she has been a sentient human being for the Disney Book Group. MC says she hopes to “motivate mothers and daughters to build lifetimes of memories together.” Yawn, but if those saucy snaps are any indication, Volume Two should be a hell of a lot hotter.
Miley made $18.5 million last year.
Eli’s Honeymoon Audible Picked Off
So Eli Manning thought he’d be so clever and QB-sneak off to a “secret” location in Mexico with his bride. Didn’t work.
The New York Daily News reports that Eli and Abby MacGrew were supposed to hang out at their Cabo wedding resort for a few days – but abruptly shipped off to a place they thought they could be alone. Someone forgot to tell the paparazzi, who still got shots of them getting all unnecessary roughness … with some reading material, especially Abby’s book on Darfur.
“Gossip” Gay — Biggest. Anticlimax. Ever.
So you thought that the big outing of a character on “Gossip Girl” was going to be, like, an art-maybe-imitating-life-type thing involving Chace Crawford?
Not so much. Kelly Rutherford, who plays Blake Lively’s mom on the show, blabbed to Us about who would be outed this season – and it’s (watch out, spoiler …) her son, Eric, played by Connor Paolo. Apparently he’s a troubled type, and it’s not the only thing he’s dealing with. But you knew that already.
Party Favors: Kanye and Fiancee – Not Really Finished? … Pacino Got $9 Mil for Terrible Fake Tan … Kid Forces Grandma to Go Gangsta
Kanye West and his fiancée Alexis Phifer may have told the world that they’re history as a couple, but the Chicago Sun-Times says that it might not quite be curtains. A close friend says, “I’m not convinced they are truly, totally over.” … The L.A. Times takes Al Pacino and Robert DeNiro to task for the string of perfunctory paydays they’ve been pumping out recently – like Pacino’s “88 Minutes,” for which he got paid $9 million. … A Florida teen made his borderline senile grandma act in a gangsta rap video, holding a semiautomatic pistol, and he’s been arrested for it, reports the Palm Beach Post.
Valleywag - valleywag.wordpress.com 
Recent Comments