Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security

Submission + - Entropy Problems for Linux in "The Cloud" (forbes.com)

Submitted by
CalTrumpet
CalTrumpet writes: "Our research group recently spoke at Black Hat USA on the topic of Cloud Computing Security. One of the interesting outcomes of our research was the discovery that the combination of virtualization technologies and public system images results in a problem for random number generation on guest operating systems. This is especially true for Linux, since it's PRNG uses only a small set of entropy gathering events and virtual Linux images often generate SSH host keys within seconds of their initial boot. The slides themselves are available here"

Comment Re:Why was the book released before the patch? (Score 5, Informative) 214

by CalTrumpet (#21796256) Attached to: Flash Vulnerabilities Affect Thousands of Sites
Howdy... I'm actually one of the contributors to the book. We have been working with Adobe and CERT for a while on this issue, and we felt that as much time as is reasonable had elapsed since the initial reporting. The disclosure of security vulnerabilities is always a complicated ethical issue, and you have to weigh the public's right to know with the possibility that a speedy fix may reduce the overall damage from disclosure. Even with several months of work, "patching" the vulnerabilities is complicated, since the issues exist in the SWF files themselves and not in Flash player, so the only solution is for website owners to re-generate their Flash applets with the updated generators, which should be out shortly.

A more formal vulnerability report is being co-ordinated with CERT and should be out soon with the details of the issues.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close