[PLUG] Alarming Open-Source Security Holes (MIT Technology Review, Debian/Ubuntu SSH Key sec. hole)

Santosh Dawara sdawara at gmail.com
Wed May 28 05:26:56 PDT 2008


http://www.technologyreview.com/Infotech/20801/

Also see, "Vendors are bad for Security"
http://www.links.org/?p=327

-- Quote --
/I’ve ranted about this at length before, I’m sure - even in print, in 
O’Reilly’s Open Sources 2. But now Debian have proved me right (again) 
beyond my wildest expectations. Two years ago, they “fixed” a “problem” 
in OpenSSL reported by valgrind[1] by *removing any possibility of 
adding any entropy to OpenSSL’s pool of randomness[2]*./

- Santosh

-- 
Santosh Dawara
visit me at http://www.sukshma.net



