DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st September 2011
graudeejs's Avatar
graudeejs graudeejs is offline
Real Name: Aldis Berjoza
formerly killasmurf86
 
Join Date: Jul 2008
Location: Riga, Latvia
Posts: 588
Thanked 29 Times in 26 Posts
Default Security breach at kernel.org

Quote:
An unknown attacker managed to obtain root privileges for some of the most important servers at kernel.org – the main distribution site for the Linux kernel and for a variety of Linux-related software. The web site's news section shows that the administrators detected the intrusion on 28 August.
http://www.h-online.com/open/news/it...g-1334642.html
Reply With Quote
  #2   (View Single Post)  
Old 7th September 2011
comet--berkeley comet--berkeley is offline
Old programmer/hacker
 
Join Date: Apr 2009
Posts: 90
Thanked 1 Time in 1 Post
Default Security breach at kernel.org - Debian Random Number Generator

Yesterday the Register reported that Linus Torvalds, creator of Linux, stopped using kernel.org.

http://www.theregister.co.uk/2011/09...el_for_github/

Apparently the breach of kernel.org is related to a bug in the Debian Linux random number generator which greatly reduced the number of SSH keys that a cracker needs to try:

http://www.theregister.co.uk/2011/08...curity_breach/

http://www.theregister.co.uk/2008/08...tacks_warning/

Sadly, Debian is also the base for Ubuntu and many other Linux distributions so they all had this bad random number generator.

It is not enough to fix the Linux systems. The old SSH keys (public,private, etc.) need to be regenerated and redistributed after the fix as well...
Reply With Quote
  #3   (View Single Post)  
Old 7th September 2011
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is online now
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,062
Thanked 198 Times in 156 Posts
Default

The report from the flawed debian prng is from 2008. I find it hard to believe it hasn't been fixed 3 years later ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #4   (View Single Post)  
Old 7th September 2011
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Well, it did require that people regenerate their keys.. so it's a possibility, but kernel.org would also have had to been using an older version of openssh, as I believe newer versions have the keys blacklisted.
Reply With Quote
  #5   (View Single Post)  
Old 8th September 2011
comet--berkeley comet--berkeley is offline
Old programmer/hacker
 
Join Date: Apr 2009
Posts: 90
Thanked 1 Time in 1 Post
Default Security breach at kernel.org - All DSA keys "Compromised"

Apparently all DSA keys created on a old Debian systems should be considered a liability.

http://rdist.root.org/2009/05/17/the...at-almost-was/

The Debian Security Advisory includes the following language:

"...all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised"

http://www.debian.org/security/2008/dsa-1571

I went out to Google to see how to generate SSH keys ( search on: make ssh keys ).
Many of the articles suggest using ssh-keygen with DSA like this:

ssh-keygen -t dsa

http://pkeck.myweb.uga.edu/ssh/

http://www.cyberciti.biz/tips/ssh-pu...on-how-to.html

How many Debian/Ubuntu users created ssh keys like this and then did not change them?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
RSA breach leaks data for hacking SecurID tokens J65nko News 1 25th March 2011 03:57 PM
PHP.net breach: Concern over safety of source code J65nko News 2 24th March 2011 09:57 AM
*AMP Security: suPHP and CGI classicmanpro NetBSD General 1 14th February 2011 10:46 PM
Tor Project infrastructure updates in response to security breach J65nko News 1 22nd January 2010 06:57 PM


All times are GMT. The time now is 12:06 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick