Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Debian Bug Leaves Private SSL/SSH Keys Guessable 670

SecurityBob writes "Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu." Reader RichiH also points to Debian's announcement and Ubuntu's announcement.

Google Antiphishing Site Exposed Private User Data 69

Juha-Matti Laurio writes "Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. This information was submitted to Google by Firefox users with the browser's internal antiphishing toolbar. This feature, developed in cooperation with Google, enables users to report potential phishing sites to Google's blacklist database. Google has reportedly implemented a new mechanism detecting login data in submitted URLs to prevent sensitive information from getting posted to the list." The article notes that news of this minor lapse may obscure the ongoing problem of sensitive data exposed on the Web and findable via Google and other search services.

Artificial intelligence has the same relation to intelligence as artificial flowers have to flowers. -- David Parnas