Monday, November 30, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
WD, Samsung Lead The HDD And SSD Markets
4K Copy Protection Probably Cracked
AMD To Correct GPU Fan Control Issues With New Crimson Drivers
Google Outlines The Gifts We're Searching For This Holiday
Microsoft Launches New Office 365 Enterprise Capabilities, Dynamics CRM 2016 and Introduces PowerApps
BlackBerry is Exiting Asian Country Following Government Pressure
TDK To Buy Semiconductor Factory From Renesas Electronics
Swatch Parners With Visa On Pay-by-the wrist Payments
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 01, 2006
Researchers Find Linux Vulnerabilities

Safend announced today that has discovered several security vulnerabilities in Linux, the most common open source project.

As Safend's CTO, Gutterman designs key technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation and is a Ph.D. candidate at the Hebrew University of Jerusalem. Recently, he has been conducting analysis of the Linux Random Number Generator (LRNG) along with Benny Pinkas from the University of Haifa and Tzachy Reinman from the Hebrew University of Jerusalem.

The team's research includes an attack on the Linux Random Number Generator. The LRNG is the key element behind most security protocols and tools which are part of Linux. Among them are PGP, SSL, Disk and email encryption. Using the attack presented by the research team, an adversary attempting to break into a Linux machine may compute backward outputs of the LRNG and use them to access previous confidential communications.

Gutterman, along with Pinkas and Reinman, used dynamic and static reverse engineering to learn the operation of the LRNG. The team was then able to illustrate flaws in the design of the generator as well as measurements of the actual entropy collected by it.

"Our result shows that open source is not a synonym for secure design; once the LRNG is broken, we can break any future or previous password on that PC," stated Gutterman. "However, open source benefits security by enabling security audits. As we state in our research paper, we feel that the open source community should have a better policy for security sensitive software components. They shouldn't be treated as other source elements."

Gutterman, Pinkas, and Reinman will present their research paper entitled "Analysis of the Linux Random Number Generator" at the IEEE Security and Privacy Symposium being held in Oakland, California May 21-24.

Win the ticket to the Final of the World Cup 2006, Berlin; play hard.        All News        EA Marks Release of 2006 FIFA World Cup Game
Google Worried About IE7 Search Engine     General Computing News      Lite-On Semiconductor Company Reports 2005 Fiscal Year Results

Get RSS feed Easy Print E-Mail this Message

Related News
NVIDIA Delivers Performance Boost to Linux Gamers
Ubuntu 12.10 Launches Today With Cloud Integration
Skype 4.0 for Linux Released
The Raspberry Pi $25 Linux Computer Goes On Sale
New Linux Kernel Improves Performance, Supports More Devices
Ubuntu 9.10 Desktop Edition Released
Palm To Close All Its Retail Stores
More Information on Palm OS II
Palm Desktop for Vista No Longer Just a Beta
New Centros Coming Quickly
Windows Mobile Standard Treo 500 Not Coming to the U.S.
Palm Makes Good on Promise of WM6 Upgrade

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .