≡ Menu

security team

Important: Openssl Security Update [CVE-2008-5077]

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.
[click to continue…]

News Roundup

=> KDE 4 Review : Ars Technica reviews KDE 4.0 - KDE 4.0 was officially released last week after extensive development. The long-awaited 4.0 release ushers in a new era for the popular open-source desktop environment and adds many intriguing new features and technologies. Unfortunately, the release comes with almost as many new bugs as it does features, and there is much work to be done before it sparkles like the 3.5.x series.

=> Humor : Intelligent atheist white man seeks sweetie // Help me keep the shell people alive

=> Every aspect of computer users' lives — from their heartbeat to a guilty smile -- could be monitored and immediately analysed under the futuristic system detailed in Microsoft’s patent application.

=> Asus Launches Windows Version of its Eee PC - Hackers no longer have to resort to their own devices to get Windows on Asus's Eee PC.

=> Crispin Cowan, the Linux security expert behind StackGard, the Immunix Linux distro and AppArmor, has joined the Windows security team.