Linux crypto vulnerability

MR ZenWiz mrzenwiz at gmail.com
Thu Mar 6 01:49:05 UTC 2014 

Is anyone at Canonical aware of this?  Lauren is rarely mistaken about
this sort of stuff....

---------- Forwarded message ----------
From: PRIVACY Forum mailing list <privacy at vortex.com>
Date: Tue, Mar 4, 2014 at 12:17 PM
Subject: [ PRIVACY Forum ] Critical crypto bug leaves Linux, hundreds
of apps open to eavesdropping
To: privacy-list at vortex.com



Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

http://j.mp/1jPcVOr  (Ars Technica)

    "Hundreds of open source packages, including the Red Hat, Ubuntu, and
     Debian distributions of Linux, are susceptible to attacks that
     circumvent the most widely used technology to prevent eavesdropping on
     the Internet, thanks to an extremely critical vulnerability in a
     widely used cryptographic code library.  The bug in the GnuTLS library
     makes it trivial for attackers to bypass secure sockets layer (SSL)
     and Transport Layer Security (TLS) protections available on websites
     that depend on the open source package. Initial estimates included in
     Internet discussions such as this one indicate that more than 200
     different operating systems or applications rely on GnuTLS to
     implement crucial SSL and TLS operations, but it wouldn't be
     surprising if the actual number is much higher. Web applications,
     e-mail programs, and other code that use the library are vulnerable to
     exploits that allow attackers monitoring connections to silently
     decode encrypted traffic passing between end users and servers.  The
     bug is the result of commands in a section of the GnuTLS code that
     verify the authenticity of TLS certificates, which are often known
     simply as X509 certificates."

 - - -

--Lauren--
Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
privacy mailing list
http://lists.vortex.com/mailman/listinfo/privacy

Thanks.

MR

More information about the ubuntu-users mailing list