Server Buddies
Server Buddies info@serverbuddies.com Server Management LiveZilla Live Help
English
Eng
Server Management Spanish
Spa
Providing Dedicated Server Solutions Just a Click AWAY
Home
Services
Order
Support
News
Contact Us
About Us
server management Server Tweaking Server Monitoring HelpDesk Support Security Audit
Empty
Cpanel Support
Plesk Support
Ensim Support
Webmin Support
Directadmin Support
Empty
We Accept
We accept Visa, Mastercard, Discover and American Express credit cards.
Paypal is also accepted. The email address to use to make PayPal payment to us is:
order@serverbuddies.com
Paypal Accepted Paypal Accepted
2Checkout Accepted
30-Day MoneyBack Guarantee!


Empty
Testimonials
This turned out to be more of a training lesson in Security. ServerBuddies could have done it by theirself but was nice enough to chat me through it so I could understand exactly what was involved. They knew all the answers to my questions and were patient with me while I tried to finally get it. If you are looking for an excellent provider, you canít go wrong with ServerBuddies. Thanks!
AidMedia Solutions.
See more reviews
Empty
News

Impact of the Debian OpenSSL vulnerability

05-01-2008
A severe vulnerability was found in the random number generator (RNG)
of the Debian OpenSSL package, starting with version 0.9.8c-1 (and
similar packages in derived distributions such as Ubuntu). While this
bug is not present in the OpenSSL packages provided by CentOS, it may
still affect CentOS users.

The bug barred the OpenSSL random number generator from gaining enough
entropy required for generating unpredicatable keys. In fact it
appearss that the only source for entropy was the process ID of the
process generating a key, which is chosen from a very small range and
is predictable. As such, all keys generated using the Debian OpenSSL
library should be considered compromized. Programs that use OpenSSL
include OpenSSH and OpenVPN. Note that GnuPG and GNU TLS do not use
OpenSSL, so they are not affected.

This vulnerability can affect CentOS machines through the use of keys
that were generated with the OpenSSL package from Debian. For
instance, if a user uses OpenSSH public key authentication to log on
to a CentOS server, and this user generated the key pair with a
vulnerable OpenSSL library, the server is at heavy risk because the
key can be reproduced easily.

Additionally, all (good) DSA keys that were ever used on a vulnerable
Debian machine for signing or authentication should also be considered
compromized due to a known attack on DSA keys.

As a result of this bug, everyone should audit *every* key or
cerficicate that was generated with OpenSSL, to trace its origin and
make sure that it was not generated with a vulnerable Debian OpenSSL
package. Or in the case of DSA keys care should be taken that they
were not generated or used on a system with a vulnerable OpenSSL
package. Keys that are potentially compromised should be replaced with
strong keys.
Remember, we listen to you! Any comments/suggestions should be sent to info@serverbuddies.com.

 
RedHat Support Debian Support Gentoo Linux Support FreeBSD Support Fedora Support Ubuntu Support CentOS Support SuSe Support
Home | Services | Order | Support | News | About Us | Contact | Site Map | Refund & Privacy Policy | Blog