[PLUG] Alarming Open-Source Security Holes (MIT Technology Review, Debian/Ubuntu SSH Key sec. hole)
Santosh Dawara
sdawara at gmail.com
Wed May 28 17:56:56 IST 2008
http://www.technologyreview.com/Infotech/20801/
Also see, "Vendors are bad for Security"
http://www.links.org/?p=327
-- Quote --
/I’ve ranted about this at length before, I’m sure - even in print, in
O’Reily’s Open Sources 2. But now Debian have proved me right (again)
beyond my wildest expectations. Two years ago, they “fixed” a “problem”
in OpenSSL reported by valgrind[1] by *removing any possibility of
adding any entropy to OpenSSL’s pool of randomness[2]*./
- Santosh
--
Santosh Dawara
visit me at http://www.sukshma.net
More information about the Plug-mail
mailing list