I guess the magnitude of this fault escaped me :)<br><br><div class="gmail_quote">On Thu, May 22, 2008 at 12:02 PM, George Prowse <<a href="mailto:cokehabit@gmail.com">cokehabit@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Andrew Miller (Spode) wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm running Ubuntu Server 8.04 and I did an update as soon as I heard about the fix. It *automatically* regenerated new keys for me. I just had to remove my server from my known_hosts file in order to login.<br>
<br>
Sure, it's a big issue - but did anyone actually exploit it? To be patched up before anyone has actually exploited it is pretty good. Microsoft vuln. are discovered and known for ages before repaired.<br>
<br>
But, I have to admit, (play devils advocate), it would certainly shake my confidence as an outsider...<br>
<br>
Spode<br>
</blockquote>
<br>
I dont think you understand the scope of it, it isn't just a few users signing in and out, some people will have 5000 keys generated on each server each one signing everything from emails to logging in remotely. On top of that, EVERY KEY that has been generated on a debian based machine in the past 20 months is affected because the flaw is in their random number generator. Now add having to send all the new keys to verisign et al and you have a major cleanup operation.<br>
<br>
It was annoying enough for me signing in via ssh from an OSX box, then stopping to delete my cert keys and then having to do it again, imagine having to get people to do that half way across the world.<br>
<br>
Read these:<br>
<a href="http://www.regdeveloper.co.uk/2008/05/21/massive_debian_openssl_hangover/" target="_blank">http://www.regdeveloper.co.uk/2008/05/21/massive_debian_openssl_hangover/</a><br>
<a href="http://metasploit.com/users/hdm/tools/debian-openssl/" target="_blank">http://metasploit.com/users/hdm/tools/debian-openssl/</a><br>
<br>
_______________________________________________<br>
Kent mailing list<br>
<a href="mailto:Kent@mailman.lug.org.uk" target="_blank">Kent@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
</blockquote></div><br>