Wednesday, September 17, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Sony To Offer Unity For PlayStation To PlayStation Licensed Developers
Blackberry Introduces Elegant Porsche Design P9983 Smartphone
Club 3D Launches 4K Docking Station
Logitech Gives You Control of Your Smart Home with the New Harmony Living Home Lineup
New iPads And OS X Yosemite Announcements Expected Next Month
Opera Max Data-savings App to be Embedded into MediaTek's LTE SoCs
Nero 2015 Supports Burning via Smartphone, WiFi Streaming
PMC Delivers 16-port SAS and SATA Storage Controllers
Active Discussions
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 01, 2006
Researchers Find Linux Vulnerabilities


Safend announced today that has discovered several security vulnerabilities in Linux, the most common open source project.

As Safend's CTO, Gutterman designs key technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation and is a Ph.D. candidate at the Hebrew University of Jerusalem. Recently, he has been conducting analysis of the Linux Random Number Generator (LRNG) along with Benny Pinkas from the University of Haifa and Tzachy Reinman from the Hebrew University of Jerusalem.

The team's research includes an attack on the Linux Random Number Generator. The LRNG is the key element behind most security protocols and tools which are part of Linux. Among them are PGP, SSL, Disk and email encryption. Using the attack presented by the research team, an adversary attempting to break into a Linux machine may compute backward outputs of the LRNG and use them to access previous confidential communications.

Gutterman, along with Pinkas and Reinman, used dynamic and static reverse engineering to learn the operation of the LRNG. The team was then able to illustrate flaws in the design of the generator as well as measurements of the actual entropy collected by it.

"Our result shows that open source is not a synonym for secure design; once the LRNG is broken, we can break any future or previous password on that PC," stated Gutterman. "However, open source benefits security by enabling security audits. As we state in our research paper, we feel that the open source community should have a better policy for security sensitive software components. They shouldn't be treated as other source elements."

Gutterman, Pinkas, and Reinman will present their research paper entitled "Analysis of the Linux Random Number Generator" at the IEEE Security and Privacy Symposium being held in Oakland, California May 21-24.


Previous
Next
Win the ticket to the Final of the World Cup 2006, Berlin; play hard.        All News        EA Marks Release of 2006 FIFA World Cup Game
Google Worried About IE7 Search Engine     General Computing News      Lite-On Semiconductor Company Reports 2005 Fiscal Year Results

Get RSS feed Easy Print E-Mail this Message

Related News
NVIDIA Delivers Performance Boost to Linux Gamers
Ubuntu 12.10 Launches Today With Cloud Integration
Skype 4.0 for Linux Released
The Raspberry Pi $25 Linux Computer Goes On Sale
New Linux Kernel Improves Performance, Supports More Devices
Ubuntu 9.10 Desktop Edition Released
Palm To Close All Its Retail Stores
More Information on Palm OS II
Palm Desktop for Vista No Longer Just a Beta
New Centros Coming Quickly
Windows Mobile Standard Treo 500 Not Coming to the U.S.
Palm Makes Good on Promise of WM6 Upgrade

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .