SSL is only secure as long your cryptographic toolset is secure. Actual you can find a big hole in Debian based systems (e.g. Debian, Ubuntu). It is not only a problem for SSL, also for SSH or OpenVPN. On SSH and OpenVPN you have that issue not only on the server, it is a client problem! My recommendation is to revoke all keys from which are created between September 2006 and May 2008. There are a few test programs on the Internet, I will get you more detail information if available. Please checkout also the Debian Wiki at http://wiki.debian.org/SSLkeys .
This is realy a bad thing for OpenSource community.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment