
[DT] Huge Hole in Open Source Software Found, Leaves Millions Vulnerable - Page 2  

post #11 of 33
The problem is that to fix it, it is not as simple as an auto-update patch and go about your merry way. Each encrypted file and each computer which has generated a key for an encrypted file on any Linux system needs to be re-encrypted to generate a new key such that it maximizes the 128-bit encryption.

Patched or not, those 215 possible keys are there to stay until you manually say otherwise....so this article leads one to believe.
post #12 of 33
Quote:
Originally Posted by Daegameth View Post
The problem is that to fix it, it is not as simple as an auto-update patch and go about your merry way. Each encrypted file and each computer which has generated a key for an encrypted file on any Linux system needs to be re-encrypted to generate a new key such that it maximizes the 128-bit encryption.

Patched or not, those 215 possible keys are there to stay until you manually say otherwise....so this article leads one to believe.
Oh yes, but the article also implies it's a huge job, when it really isn't. Everyone has been notified of this and can update their keys. It's not that big a deal.

I'm not saying it wasn't a problem, but the article and posts after it imply that it makes Linux suddenly insecure in general, which is wrong.
post #13 of 33
Quote:
Originally Posted by Daegameth View Post
The problem is that to fix it, it is not as simple as an auto-update patch and go about your merry way. Each encrypted file and each computer which has generated a key for an encrypted file on any Linux system needs to be re-encrypted to generate a new key such that it maximizes the 128-bit encryption.

Patched or not, those 215 possible keys are there to stay until you manually say otherwise....so this article leads one to believe.
Er, just so everyone knows, the article formatting got lost in quoting, it should be 2^15 and 2^128, not 215 and 2128. That's 32,786 keys vs. 340,282,366,920,938,463,463,374,607,431,768,211,456 keys.

It is missing about 340 undecillion unique keys.
Edited by The Bartender Paradox - 5/24/08 at 12:38am
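The point made in the posts above (only 2^15 possible keys, and patching does not replace keys that already exist), as an added example that is not part of the original thread. A toy generator whose only input is the process ID stands in for the flawed package; `weak_keygen`, `build_blocklist`, `audit` and the inventory names are hypothetical.

```python
import hashlib
import os

PID_SPACE = 2 ** 15  # the 2^15 figure quoted in the thread


def weak_keygen(pid: int) -> bytes:
    """Toy stand-in for the flawed generator: the process ID is its only input."""
    return hashlib.sha256(b"toy-weak-rng:" + pid.to_bytes(2, "big")).digest()[:16]


def fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()


def build_blocklist() -> frozenset:
    """Fingerprints of every key the weak generator can ever produce."""
    return frozenset(fingerprint(weak_keygen(pid)) for pid in range(PID_SPACE))


def audit(inventory: dict, blocklist: frozenset) -> list:
    """Names of keys that must be regenerated, whatever package is installed now."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in blocklist)


def sample_inventory() -> dict:
    """Constructed sample: one key made before the fix, one made after it."""
    return {
        "legacy-host-key": weak_keygen(4242),   # generated by the flawed package
        "rotated-host-key": os.urandom(16),     # regenerated after the update
    }


BLOCKLIST = build_blocklist()

if __name__ == "__main__":
    print(len(BLOCKLIST), "possible weak keys")
    print("regenerate:", audit(sample_inventory(), BLOCKLIST))
```

Updating the package changes what new keys look like; the audit result for the old key stays the same until that key is replaced.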
post #14 of 33
Quote:
Originally Posted by nathris View Post
Closed Source: 0, Open Source: -1
lol, yeah the scoreboard looks like that if you start counting on May 24, 2008 @ 1:32am.

What's the scoreboard look like if you start counting from... Say 1995?
post #15 of 33
http://www.securityfocus.com/bid/29179

Quote:
Vulnerable:
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Stonesoft StoneGate SSL VPN Engine 1.1
Stonesoft StoneGate IPS Sensor and Analyzer 4.2.2
Stonesoft StoneGate IPS Sensor and Analyzer 4.2
Stonesoft StoneGate IPS Sensor and Analyzer 4.1.2
Stonesoft StoneGate IPS Sensor and Analyzer 4.1
Stonesoft StoneGate IPS Sensor and Analyzer 4.0
Stonesoft StoneGate High Availability Firewall and VPN 4.2.1
Stonesoft StoneGate High Availability Firewall and VPN 4.2
Rsyncrypto Rsyncrypto 1.10
Rsyncrypto Rsyncrypto 0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Asterisk Asterisk 0

Not Vulnerable:
Stonesoft StoneGate IPS Sensor and Analyzer 4.2.3
Stonesoft StoneGate IPS Sensor and Analyzer 4.1.3
Stonesoft StoneGate IPS Sensor and Analyzer 4.0.1
Stonesoft StoneGate High Availability Firewall and VPN 4.2.2
This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.
Unfortunately it affects my favorite distro - Debian.

A single
Code:
apt-get update
apt-get install openssl
would fix the problem.
post #16 of 33
Quote:
Originally Posted by Vegnagun666 View Post
MS should make a commercial of pc vs mac where pc's fighting off like hijackers at a bank or something.. With an awesome karate kid headband.. while macs being taken hostage w/ a gun to his head.. That'd be fun
Too bad MS won't stoop to Mac's level, people would criticize MS for a long time if they made a commercial like that.
People working for Apple are a little bit full of themselves when it comes to their products. I have noticed that most of the Mac users I know become total jerks if I say one thing about computers.

Back on topic, I wonder if any hackers even knew about this for the last two years? Somebody must have, at least one person out of thousands and thousands of hackers.
post #17 of 33
Quote:
Originally Posted by nategr8ns View Post
Too bad MS won't stoop to Mac's level, people would criticize MS for a long time if they made a commercial like that.
People working for Apple are a little bit full of themselves when it comes to their products. I have noticed that most of the Mac users I know become total jerks if I say one thing about computers.

Back on topic, I wonder if any hackers even knew about this for the last two years? Somebody must have, at least one person out of thousands and thousands of hackers.
It's possible, but the chance of a hacker knowing about it is about the same as a developer knowing about it, and as that only just happened, it's pretty low. We never saw machines being rooted en masse, so it obviously wasn't in much usage, if at all.
post #18 of 33
Quote:
Originally Posted by nathris View Post
Wow I guess all of the Linux fanboys are too stunned to respond...


Closed Source: 0, Open Source: -1


This is why I hate all of this library and dependency and compile before you install crap, because if someone who has no idea your project exists and just happens to be working on one of the dozens of dependencies you're using screws up you're screwed too. It's like trying to build an upside down pyramid.
HURRR it only affects Debians DURRR
post #19 of 33
Open Source mentality: a vulnerability, yes we know, we created it.

Closed Source mentality: a vulnerability, what the... omg, how, what? install Norton!
post #20 of 33
Neener neener.