Sunday, August 30, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Alienware Brings Liquid Cooling and Dynamic Overclocking to Holiday Lineup
Razer Launches Wildcat Xbox One Controller And Upgraded Nabu Smartband
Workstation Market Shippments Rebound In Q2
Google Will Help You Find Your Plumber
IFA 2015: What We Know So Far
Acer Liquid Z410 And Liquid Jade Z Phones Released
Huawei Honor Phones Coming To Europe
AMD Radeon R9 370X Graphics Card Launched In Asia
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 01, 2006
Researchers Find Linux Vulnerabilities


Safend announced today that has discovered several security vulnerabilities in Linux, the most common open source project.

As Safend's CTO, Gutterman designs key technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation and is a Ph.D. candidate at the Hebrew University of Jerusalem. Recently, he has been conducting analysis of the Linux Random Number Generator (LRNG) along with Benny Pinkas from the University of Haifa and Tzachy Reinman from the Hebrew University of Jerusalem.

The team's research includes an attack on the Linux Random Number Generator. The LRNG is the key element behind most security protocols and tools which are part of Linux. Among them are PGP, SSL, Disk and email encryption. Using the attack presented by the research team, an adversary attempting to break into a Linux machine may compute backward outputs of the LRNG and use them to access previous confidential communications.

Gutterman, along with Pinkas and Reinman, used dynamic and static reverse engineering to learn the operation of the LRNG. The team was then able to illustrate flaws in the design of the generator as well as measurements of the actual entropy collected by it.

"Our result shows that open source is not a synonym for secure design; once the LRNG is broken, we can break any future or previous password on that PC," stated Gutterman. "However, open source benefits security by enabling security audits. As we state in our research paper, we feel that the open source community should have a better policy for security sensitive software components. They shouldn't be treated as other source elements."

Gutterman, Pinkas, and Reinman will present their research paper entitled "Analysis of the Linux Random Number Generator" at the IEEE Security and Privacy Symposium being held in Oakland, California May 21-24.


Previous
Next
Win the ticket to the Final of the World Cup 2006, Berlin; play hard.        All News        EA Marks Release of 2006 FIFA World Cup Game
Google Worried About IE7 Search Engine     General Computing News      Lite-On Semiconductor Company Reports 2005 Fiscal Year Results

Get RSS feed Easy Print E-Mail this Message

Related News
NVIDIA Delivers Performance Boost to Linux Gamers
Ubuntu 12.10 Launches Today With Cloud Integration
Skype 4.0 for Linux Released
The Raspberry Pi $25 Linux Computer Goes On Sale
New Linux Kernel Improves Performance, Supports More Devices
Ubuntu 9.10 Desktop Edition Released
Palm To Close All Its Retail Stores
More Information on Palm OS II
Palm Desktop for Vista No Longer Just a Beta
New Centros Coming Quickly
Windows Mobile Standard Treo 500 Not Coming to the U.S.
Palm Makes Good on Promise of WM6 Upgrade

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .