Berkeley CSUA MOTD:Entry 49941
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/09 [General] UID:1000 Activity:popular
7/9     

2008/5/14-16 [Computer/SW/OS/Linux] UID:49941 Activity:nil
5/14    debian people, recompile:
        http://metasploit.com/users//hdm/tools/debian-openssl
        \- and ubuntu
           \_ Which is derived from debian.
        \_ Argh. What are some inexpensive certificate authorities?
2025/07/09 [General] UID:1000 Activity:popular
7/9     

You may also be interested in these entries...
2013/2/19-3/26 [Computer/SW/OS/OsX] UID:54611 Activity:nil
2/19    I program a lot by sshing to a Linux cluster.  So I'm used to using
        Xemacs to code.  This works fine from a Linux or Windows workstation,
        but sometimes I have to use a Mac.  On Mac, the meta is usually
        bound to option, but that often doesn't work over ssh for some reason.
        This makes using emacs a real pain.  Any suggestions on how to fix it?
        (Other than "use vi")
	...
2012/8/28-11/7 [Computer/HW/Memory] UID:54466 Activity:nil
8/26    Amazon medium instances (3.75GB RAM): 0.160/hour = $1382/year
        Generic standard Linux VPS (4GB RAM): $480/year
        Amazon costs more (but does offer superior scaling options).
        \_ Amazon is $670 if you buy a year's usage up front (heavy util).
           Why is heavy util less expensive than light util?
	...
2012/1/4-2/6 [Computer/HW/Drives] UID:54281 Activity:nil
1/4     I want to test how my servers behave during a disk failure and
        a RAID reconstruction so I want to simulate a hardware failure.
        How can I do this in Linux without having to physically pull
        a drive? These disks are behind a RAID card and run Linux. -ausman
        \_ According to the Linux RAID wiki, you might be able to use mdadm
           to do this with something like the following:
	...
2011/9/14-10/25 [Computer/HW/Drives] UID:54173 Activity:nil
9/13    Thanks to Jordan, our disk server is no longer virtualized. Our long
        nightmare of poor IO performance should hopefully be over. Prepare for
        another long nightmare of poor hardware reliability!
        ...
        Just kidding! (I hope)
        In any case, this means that cooler was taken out back and shot, and
	...
2011/2/11-19 [Computer/SW/OS/Linux, Computer/SW/Security] UID:54036 Activity:nil
2/10    Debian 6.0 squeeze is the new stable.  Do we dare a dist-upgrade?
        \_ the key for http://security.debian.org has changed btw.
	...
2010/7/21-8/9 [Computer/SW/OS/FreeBSD] UID:53890 Activity:nil
7/21    Can I just use ifconfig to expand my netmask on a FreeBSD box?
        Are there any gotchas here? Linux forces me to restart my network
        to expand my netmask.
        \_ yes... and no, you don't have to restart your network on linux either
           \_ Rebooting is the Ubootntoo way!
              \_ Oooboot'n'tootin!
	...
2010/7/22-8/9 [Computer/SW/OS/FreeBSD, Computer/HW/Drives] UID:53893 Activity:nil
7/22    Playing with dd if=/dev/random of=/dev/<disk> on linux and bsd:
        2 questions, on linux when <disk>==hda it always gives me this off
        by one report i.e. Records out == records in-1 and says there is an
        error. Has anyone else seen this?  Second, when trying to repeat this
        on bsd, <disk>==rwd0 now, to my surprise, using the install disk and
        selecting (S)hell, when I try to dd a 40 gig disk it says "409 records
	...
2010/5/26-6/30 [Computer/SW/Unix/WindowManager, Computer/SW/OS/OsX] UID:53844 Activity:nil
5/26    anyone use lxde?  supposedly it is less stupid than xfce and
        less bloated than gnome.  thoughts?
        \_ lol, does anyone still use desktop linux?  Get with the times
           buy a mac.  Now.  DO IT.  Go NOW.
           \_ but we prefer herring to Kool-Aid
              \_ "you have to yell, he's hard of herring"
	...
Cache (1531 bytes)
metasploit.com/users//hdm/tools/debian-openssl -> metasploit.com/users//hdm/tools/debian-openssl/
Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only "random" value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations. The Impact All SSL and SSH keys generated on a Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected. In the case of SSL keys, all generated certificates will be need to recreated and sent off to the Certificate Authority to sign. Any Certificate Authority keys generated on a Debian-based system will need be regenerated and revoked. All system administrators that allow users to access their servers with SSH and public key authentication need to audit those keys to see if any of them were created on a vulnerabile system. Any tools that relied on OpenSSL's PRNG to secure the data they transferred may be vulnerable to an offline attack. Any SSH server that uses a host key generated by a flawed system is subjection to traffic decryption and a man-in-the-middle attack would be invisible to the users. This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system. The Debian and Ubuntu projects have released a set of tools for identifying vulnerable keys. You can find these listed in the references section below.