Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Gentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

BeesTea
Network Janitor
Premium,VIP
join:2003-03-08
00000

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

That's the attack as I understand it exactly. Thanks!
permalink · 2008-05-13 10:12:55 · Reply to this

deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

Thanks for the info.

Just stumbled upon this. Interesting point, not sure I entirely agree with it. But certainly in this case the author makes a good point.
--
»hillaryis404.org/
permalink · 2008-05-13 10:39:05 · Reply to this

Cabal
Premium
join:2007-01-21
Boston, MA

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

quote:
Usually it is bad to have any kind of dependency on uninitialised memory, but OpenSSL happens to include a rare case when its OK, or even a good idea: its randomness pool. Adding uninitialised memory to it can do no harm and might do some good, which is why we do it.
I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
--
Interested in open source engine management for your Subaru?
permalink · 2008-05-13 11:12:03 · Print · Reply to this

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

Re: Heads Up: Debian OpenSSL RNG Vuln CVE-2008-0166

said by Cabal See Profile :

I know people hate to comment their code, but maybe intentionally using uninitialized memory would be a good opportunity for that sort of thing.
Funny you should mention that
permalink · 2008-05-13 11:37:16 · Print · Reply to this
Forums » Tech and Talk » OS and Software » All Things UnixGentoo revokes developer rights of 3, Cabal suspected. »
« Which is more stable and reliable UNIX OS?  

Saturday, 28-Nov 22:18:18 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [80] TiVo Sees Record Customer Losses
· [71] Weekend Open Thread
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· [Newsgroups] Newzleech down? [Filesharing Software]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Why does it take so long? Mail question [General Questions]
· Why would I want an e reader? [General Questions]
· ToC 4th boss - Preliminary Strategy for Twin Valkyr [World of Warcraft]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]
· Digital Transport Adapter Unboxing Photos [Comcast Cable TV]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]