Sunday, December 21, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Introduces SE790C Curved Monitor
Chinese Motion-sensing VR Glasses Coming On Kickstarter
Kodak Returns To CES With Consumer Product Line
North Korea Suggests Joint Inverstigation With U.S. Over Sony Hacking
T-Mobile to Pay $90 Million To Settle Case With FCC
New Trojan Targetted Banks Wordlwide
FBI Confirms North Korea Was Behind Sony Hack
Apple Responds To BBC's Allegations Over Working Conditions In Chinese Factory
Active Discussions
Digital Audio Extraction and Plextools
Will there be any trade in scheme for the coming PSP Go?
Hello, Glad to be Aboard!!!
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 01, 2006
Researchers Find Linux Vulnerabilities


Safend announced today that has discovered several security vulnerabilities in Linux, the most common open source project.

As Safend's CTO, Gutterman designs key technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation and is a Ph.D. candidate at the Hebrew University of Jerusalem. Recently, he has been conducting analysis of the Linux Random Number Generator (LRNG) along with Benny Pinkas from the University of Haifa and Tzachy Reinman from the Hebrew University of Jerusalem.

The team's research includes an attack on the Linux Random Number Generator. The LRNG is the key element behind most security protocols and tools which are part of Linux. Among them are PGP, SSL, Disk and email encryption. Using the attack presented by the research team, an adversary attempting to break into a Linux machine may compute backward outputs of the LRNG and use them to access previous confidential communications.

Gutterman, along with Pinkas and Reinman, used dynamic and static reverse engineering to learn the operation of the LRNG. The team was then able to illustrate flaws in the design of the generator as well as measurements of the actual entropy collected by it.

"Our result shows that open source is not a synonym for secure design; once the LRNG is broken, we can break any future or previous password on that PC," stated Gutterman. "However, open source benefits security by enabling security audits. As we state in our research paper, we feel that the open source community should have a better policy for security sensitive software components. They shouldn't be treated as other source elements."

Gutterman, Pinkas, and Reinman will present their research paper entitled "Analysis of the Linux Random Number Generator" at the IEEE Security and Privacy Symposium being held in Oakland, California May 21-24.


Previous
Next
Win the ticket to the Final of the World Cup 2006, Berlin; play hard.        All News        EA Marks Release of 2006 FIFA World Cup Game
Google Worried About IE7 Search Engine     General Computing News      Lite-On Semiconductor Company Reports 2005 Fiscal Year Results

Get RSS feed Easy Print E-Mail this Message

Related News
NVIDIA Delivers Performance Boost to Linux Gamers
Ubuntu 12.10 Launches Today With Cloud Integration
Skype 4.0 for Linux Released
The Raspberry Pi $25 Linux Computer Goes On Sale
New Linux Kernel Improves Performance, Supports More Devices
Ubuntu 9.10 Desktop Edition Released
Palm To Close All Its Retail Stores
More Information on Palm OS II
Palm Desktop for Vista No Longer Just a Beta
New Centros Coming Quickly
Windows Mobile Standard Treo 500 Not Coming to the U.S.
Palm Makes Good on Promise of WM6 Upgrade

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .