Programming Error Made Years Ago turns Open Source Software into Ticking Time Bomb

zekrahminator · May 25, 2008, 10:16 PM

When open source software makers made what would eventually become the more current versions of Linux, Unix, and Mac OS X, they undertook a very important task: ensuring that whenever a password was generated to keep confidential data secret, that it would actually be secure. However, they apparently made a rudimentary programming error, and it went out into the world of open source software unnoticed. A couple years down the road, some hackers pointed out with glee that the OpenSSL key generator is basically useless as a security measure (the actual flaw is explained much more thoroughly in the source link). Because OpenSSL is used in far more systems than a couple home servers, we have a serious problem on our hands. Even though the original authors have issued a patch, there's no guarantee that it will get around fast enough to prevent some serious damage.

Source: Daily Tech

jocksteeluk · May 25, 2008, 10:29 PM

On the brighter side since the software is open source there shouldn't be anyone to sue.

WarEagleAU · May 26, 2008, 01:23 AM

Haha, thats right Jocksteel. Hopefully, nothing major will come from this.

pentastar111 · May 26, 2008, 02:26 AM

Well there goes the "alternate" OS's claims of being more "secure" than Windows..

..Hmmm...I guess if someone has the know-how and the smarts for it, anything can be hacked..

Shyska · May 26, 2008, 04:44 PM

Why it doesn't surprise me that there are no legitimate sources on this topic...

@zekrahminator: Please consider some research before posting such serious accusations.

iLLz · May 26, 2008, 11:02 PM

Quote:

Originally Posted by Shyska

Why it doesn't surprise me that there are no legitimate sources on this topic...

@zekrahminator: Please consider some research before posting such serious accusations.

How about you click the source link which has plenty of info and links for you to click!

Haytch · May 27, 2008, 01:41 AM

The patch was released ages ago. Its opensource. Here's your free chill pill. Wooohooo

Shyska · May 27, 2008, 05:52 AM

Quote:

Originally Posted by iLLz

How about you click the source link which has plenty of info and links for you to click!

Have you tried?

No offence, just refering something more trustworthy would make much more sence on such a case. Don't you agree?

beyond_amusia · May 27, 2008, 07:26 AM

Linux is not immune to hackers and malware, and niether is OS X; they are not widely exploited because they are not widely used by home users.

Rebo&Zooty · May 27, 2008, 09:14 PM

http://www.dailytech.com/Apples+Safa...ticle11299.htm

mac got pwnd and windows and linux survived.......yeah thats proof whos more secure :P

Davidelmo · May 27, 2008, 10:55 PM

Of course they aren't immune, but they are less used (and thus less popular with hackers etc.)

If someone wants to steal bank details, it's easier on a family compuer with kids and parents using it, rather than a linux machine with a 22yr old computer geek using it. The operating system is only one factor, and most "hacks" are often from human error anyway (i.e. having stupidly easy passwords, clicking ads wih viruses etc)

May 25, 2008, 10:16 PM	#1
zekrahminator McLovin Join Date: Jan 2006 Location: My house. Posts: 6,280 (2.33/day) Thanks: 105 Thanked 340 Times in 246 Posts System Specs	Programming Error Made Years Ago turns Open Source Software into Ticking Time Bomb When open source software makers made what would eventually become the more current versions of Linux, Unix, and Mac OS X, they undertook a very important task: ensuring that whenever a password was generated to keep confidential data secret, that it would actually be secure. However, they apparently made a rudimentary programming error, and it went out into the world of open source software unnoticed. A couple years down the road, some hackers pointed out with glee that the OpenSSL key generator is basically useless as a security measure (the actual flaw is explained much more thoroughly in the source link). Because OpenSSL is used in far more systems than a couple home servers, we have a serious problem on our hands. Even though the original authors have issued a patch, there's no guarantee that it will get around fast enough to prevent some serious damage. Source: Daily Tech

Processor:	AMD Athlon 64 X2 4800+ Brisbane @ 2.8GHz (224x12.5, 1.425V)
Motherboard:	Gigabyte sumthin-or-another, it's got an nForce 430
Cooling:	Dual 120mm case fans front/rear, Arctic Cooling Freezer 64 Pro, Zalman VF-900 on GPU
Memory:	2GB G.Skill DDR2 800
Video Card:	Sapphire X850XT @ 580/600
Hard Disk:	WD 160 GB SATA hard drive.
Optical Drive:	Lite-On DVD-RW.
CRT/LCD Model:	Hanns G 19" widescreen, 5ms response time, 1440x900
Case:	Thermaltake Soprano (black with side window).
Sound Card:	Soundblaster Live! 24 bit (paired with X-530 speakers).
PSU:	ThermalTake 430W TR2
Software:	XP Home SP2, can't wait for Vista SP1.

May 25, 2008, 10:29 PM	#2
jocksteeluk Join Date: Jan 2006 Location: The 13th room on the 13th floor of the 13th building. Posts: 1,427 (0.53/day) Thanks: 22 Thanked 48 Times in 39 Posts System Specs	On the brighter side since the software is open source there shouldn't be anyone to sue. __________________ XXXI III MCMLXXXII

Processor:	custom dupont risk chip cpu prototype
Motherboard:	custom ibm x5 solid state carbon mainboard
Cooling:	industrial technologies prototype dupont custom heat transfer unit
Memory:	6x 2gig prototype ecc hnc ddr4
Video Card:	prototype low energy version nvidia 9 series unnumberd card
Hard Disk:	1tb solid state hdd
Optical Drive:	prototype hybrid Lg hd-dvd 30x + Blu-ray30x drive
CRT/LCD Model:	44 inch samsung plasma screen tv/monitor
Case:	custom ibm mobile home server case
Sound Card:	custom Yamaha sound processing processor in spm format
PSU:	1200watt deli cord custom made dupont type psu
Software:	sun unix/windows type v

May 26, 2008, 01:23 AM	#3
WarEagleAU Bird of Prey Join Date: Jul 2006 Location: Gurley, AL Posts: 9,994 (3.94/day) Thanks: 3,810 Thanked 557 Times in 521 Posts System Specs	Haha, thats right Jocksteel. Hopefully, nothing major will come from this. __________________ =-TheEagle-= http://www.heatware.com/eval.php?id=62454 “You crazy? Surfing any website without an antivirus is like freaking with a dirty woman without protection” -OzzmanFloyd120 - Edited for content and clarity

System Name:	Boddha Getta
Processor:	AMD FX 6100 @ 4.432Ghz @1.401V
Motherboard:	ASUS M5A99X EVO AMD 990X AMD SB950
Cooling:	Custom Water. EK 240MM Kit, Supreme HSF - Runs 35C
Memory:	2 x 4GB Corsair Vengeance White LP @ 1.35V
Video Card:	XFX Radeon HD 6870 900/1050 (no OC yet)
Hard Disk:	WD Caviar Black 1.0TB, WD Caviar Green 1.0TB, WD 160GB
Optical Drive:	Samung SH22SL 22X Lightscribe DVD+/-R/RW LG BDRE Reader/Burner Lite ON Max Burner for burning Xbox
CRT/LCD Model:	Asus VH222/S 22: (21.5" Viewable) 1920x1080p HDMI LCD Monitor
Case:	NZXT White Phantom
Sound Card:	Onboard Realtek 5.1
PSU:	NZXT Hale 90 Gold Cert 750W Modular PSU
Software:	Windows 7 Pro 64 bit.
Benchmarks:	5.9 Windows Index rating 3D06 - 17472

May 26, 2008, 02:26 AM	#4
pentastar111 Join Date: Aug 2006 Location: Los Angeles...U.S.A Posts: 615 (0.25/day) Thanks: 155 Thanked 31 Times in 25 Posts System Specs	Well there goes the "alternate" OS's claims of being more "secure" than Windows....Hmmm...I guess if someone has the know-how and the smarts for it, anything can be hacked.. __________________ Check out my rig http://www.techpowerup.com/gallery/2059.html http://www.techpowerup.com/gallery/2742.html

Processor:	i7 920
Motherboard:	EVGA X58
Cooling:	eight 120mm fans, Swiftech GTZ cpu block, 3 120mm radiator, MCP655 pump, primochill tubing
Memory:	6 gig G-Skill DDR3 1600
Video Card:	GTX 285's (SLI)
Hard Disk:	500GB Western Digital
Optical Drive:	Asus SATA drives
CRT/LCD Model:	3 Asus 23 in inchers
Case:	Lian Li A77B
Sound Card:	on board 7.1
PSU:	Corsair 1000
Software:	win 7 64

May 26, 2008, 04:44 PM	#5
Shyska Join Date: Sep 2005 Posts: 155 (0.05/day) Thanks: 4 Thanked 16 Times in 16 Posts System Specs	Why it doesn't surprise me that there are no legitimate sources on this topic... @zekrahminator: Please consider some research before posting such serious accusations. __________________ 3dmark05 7024 http://service.futuremark.com/compare?3dm05=2026700

Processor:	AMD Athlon64 3000+ Venice @2.5GHz
Motherboard:	Asus A8N-E :(this board limits my cpu overclock ):
Cooling:	CPU box, GPU Zalman VF700-Cu
Memory:	2x512MB PC3200 @227MHz
Video Card:	Sapphire X850XT 256MB PCI-E @ 605/618
Hard Disk:	40GB & 120GB Maxtors
PSU:	Generic 400W
Software:	Windows XP Pro SP2 \| Debian GNU/Linux <sarge>

System Name:	iLLz-CreaTionZ
Processor:	Intel Core 2 Quad Q6700 G0 Stepping @ 3.33 GHz @ 1.325V
Motherboard:	Gigabyte GA-EP45-UD3P
Cooling:	Zalman CNPS9700NT
Memory:	6GB DDR2 RAM @ 1066 Mhz
Video Card:	eVGA GTX 560 Ti SC @ 900 Mhz Core
Hard Disk:	2 x Seagate 7200.10 320GB in Raid 0; External Seagate Pro 500GB
Optical Drive:	LiteON 16x DVD Burner; LiteON 52x CD Burner
CRT/LCD Model:	Samsung SyncMaster 226BW
Case:	Cooler Master Centurion 532B
PSU:	PP&C SilentCool 750 Quad Black
Software:	Windows 7 Ultimate x64

May 27, 2008, 01:41 AM	#7
Haytch Join Date: Apr 2008 Location: Australia Posts: 506 (0.27/day) Thanks: 8 Thanked 40 Times in 34 Posts System Specs	The patch was released ages ago. Its opensource. Here's your free chill pill. Wooohooo

System Name:	4LI3NBR33D-H (Successor to Core-iH7) (Successor to Nemesis-H)
Processor:	Intel Core i7 3960k @ 4.9Ghz With Corsair H100
Motherboard:	MSi BigBang XPower 2
Cooling:	Custom Air Cooling. From Delta 120's TFB1212GHE to Spal 30101504&5
Memory:	4x 8Gb Corsair Dominator GT (CMT32GX3M4X1866C9)
Video Card:	2x MSi R7970
Hard Disk:	OCZ Vertex 3 Max IOPS 240GB SATA 3 6Gb/s SSD, 7x Samsung 2Tb ECO, 4x W.D GP 2Gb in CISCO 16LNSS6000
Optical Drive:	USB MSi Bluray Burner - Networked PS3 Bluray Rom
CRT/LCD Model:	6x Samsung SyncMaster B2440 { or } 55" Samsung LN55A950 when using the Logitech G25 Carsim.
Case:	Antec 1200 with inbuilt D-Link DSL-G804V & DGL-4500, attachable to custom G25, Recaro Seat setup.
Sound Card:	Creative Sound Blaster XFi Titanium Fatal1ty Champ Series With I/O Drive & Aurvana XFi Headphones
PSU:	Thermaltake Tough Power 1500W (Custom shielding)
Software:	w7 Ulitmate x64 (Virtual XP Professional)
Benchmarks:	pppft, gotta see it to believe it. . .

May 27, 2008, 07:26 AM	#9
beyond_amusia Join Date: Feb 2007 Location: Baltimore, Maryland Posts: 857 (0.37/day) Thanks: 253 Thanked 63 Times in 62 Posts System Specs	Linux is not immune to hackers and malware, and niether is OS X; they are not widely exploited because they are not widely used by home users. __________________ Being honest about who you are sometimes comes at a price, but it's worth it.

System Name:	Cozad (Asus G60JX)
Processor:	Core i5 M 430
Memory:	8 GB DDR3 1066
Video Card:	nVidia GeForce 360M
Hard Disk:	500GB
Optical Drive:	DVD-RAM
CRT/LCD Model:	16 inch LED LCD
Software:	Windows 7 Ultimate x64 SP1

System Name:	Bain
Processor:	x2 3600+ windsor256@2.55gz
Motherboard:	Biostar TA770 a2+
Cooling:	ThermalRight ultra-90 with 2x70mm TMD fans
Memory:	2x2gb ddr2 800 wintek ampx@1022mhz 5-5-5-18 cr2 2.2v
Video Card:	x1900xtx 512mb(8800gt under rma due to burning itself out...)
Hard Disk:	4 hdd's
Optical Drive:	2 of them
CRT/LCD Model:	Dell 2001FP 20.1in
Case:	codegen briza case
Sound Card:	alc888 with current drivers
PSU:	fsp 450watt saga seirse psu
Software:	windows x64pro

May 27, 2008, 09:14 PM	#10
Rebo&Zooty Banned Join Date: May 2008 Posts: 456 (0.25/day) Thanks: 199 Thanked 32 Times in 30 Posts	http://www.dailytech.com/Apples+Safa...ticle11299.htm mac got pwnd and windows and linux survived.......yeah thats proof whos more secure :P

May 27, 2008, 10:55 PM	#11
Davidelmo Join Date: Oct 2007 Posts: 322 (0.16/day) Thanks: 28 Thanked 23 Times in 14 Posts System Specs	Of course they aren't immune, but they are less used (and thus less popular with hackers etc.) If someone wants to steal bank details, it's easier on a family compuer with kids and parents using it, rather than a linux machine with a 22yr old computer geek using it. The operating system is only one factor, and most "hacks" are often from human error anyway (i.e. having stupidly easy passwords, clicking ads wih viruses etc)

Processor:	Intel i7 920 @4.20Ghz
Motherboard:	Gigabyte EX58 UD5
Cooling:	Titan Fenrir
Memory:	6Gb Patriot 1600Mhz
Video Card:	ATI HD4870 1Gb
Hard Disk:	2x250Gb Seagate Barracuda (RAID 0) plus 2B storage
Optical Drive:	2x DVD burners
CRT/LCD Model:	Samsung 22 inch Widescreen
Case:	Coolermaster HAF 932
Sound Card:	Auzen Prelude 7.1
PSU:	PCP&P 750W Silencer
Software:	Win7 beta

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Overclocking is Easy! Get Results!	Kursah	Overclocking & Cooling	131	May 12, 2010 12:14 AM
AMD Releases Open Source Performance Library to Accelerate Application Development	zekrahminator	News	1	Feb 21, 2008 03:00 AM
Sun Acquires MySQL, Developer of the World's Most Popular Open Source Database	malware	News	5	Jan 16, 2008 08:25 PM
Violate the laws of physics:Windows Vista DRM	SpoonMuffin	General Software	43	Jan 19, 2007 02:46 AM