Wednesday, April 01, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook Introduces Riff And Scrapbook
The White House Targets Cyber Attackers With New Sanctions Program
Uber Files Complaints Against Service Bans
Yahoo Autos Is Launching Today
GoDaddy Enters The Wall Street
Amazon Button for Instant Product Ordering
Sony To Sell Olympus Shares
Tech Industry Enjoys April Fools' Day
Active Discussions
how to copy and move data files to dvd-rw
cdrw trouble
Need serious help!!!!
burning
nvidia 6200 review
Hello
Burning Multimedia in track 0
I'm lazy. Please help.
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 01, 2006
Researchers Find Linux Vulnerabilities


Safend announced today that has discovered several security vulnerabilities in Linux, the most common open source project.

As Safend's CTO, Gutterman designs key technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation and is a Ph.D. candidate at the Hebrew University of Jerusalem. Recently, he has been conducting analysis of the Linux Random Number Generator (LRNG) along with Benny Pinkas from the University of Haifa and Tzachy Reinman from the Hebrew University of Jerusalem.

The team's research includes an attack on the Linux Random Number Generator. The LRNG is the key element behind most security protocols and tools which are part of Linux. Among them are PGP, SSL, Disk and email encryption. Using the attack presented by the research team, an adversary attempting to break into a Linux machine may compute backward outputs of the LRNG and use them to access previous confidential communications.

Gutterman, along with Pinkas and Reinman, used dynamic and static reverse engineering to learn the operation of the LRNG. The team was then able to illustrate flaws in the design of the generator as well as measurements of the actual entropy collected by it.

"Our result shows that open source is not a synonym for secure design; once the LRNG is broken, we can break any future or previous password on that PC," stated Gutterman. "However, open source benefits security by enabling security audits. As we state in our research paper, we feel that the open source community should have a better policy for security sensitive software components. They shouldn't be treated as other source elements."

Gutterman, Pinkas, and Reinman will present their research paper entitled "Analysis of the Linux Random Number Generator" at the IEEE Security and Privacy Symposium being held in Oakland, California May 21-24.


Previous
Next
Win the ticket to the Final of the World Cup 2006, Berlin; play hard.        All News        EA Marks Release of 2006 FIFA World Cup Game
Google Worried About IE7 Search Engine     General Computing News      Lite-On Semiconductor Company Reports 2005 Fiscal Year Results

Get RSS feed Easy Print E-Mail this Message

Related News
NVIDIA Delivers Performance Boost to Linux Gamers
Ubuntu 12.10 Launches Today With Cloud Integration
Skype 4.0 for Linux Released
The Raspberry Pi $25 Linux Computer Goes On Sale
New Linux Kernel Improves Performance, Supports More Devices
Ubuntu 9.10 Desktop Edition Released
Palm To Close All Its Retail Stores
More Information on Palm OS II
Palm Desktop for Vista No Longer Just a Beta
New Centros Coming Quickly
Windows Mobile Standard Treo 500 Not Coming to the U.S.
Palm Makes Good on Promise of WM6 Upgrade

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .