====== OpenSSL ======

  * http://lists.debian.org/debian-security-announce/2008/msg00152.html
  * http://www.ubuntu.com/usn/usn-612-2
  * http://security.debian.org/project/extra/dowkd/
  * http://www.debian.org/security/key-rollover/
  * RFH: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332498
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
  * http://rt.openssl.org/NoAuth/Buglist.html

==== Analysis: ====

  * http://lwn.net/Articles/281901/
  * http://lwn.net/Articles/282038/
  * http://lwn.net/Articles/282230/
  * http://www.dslreports.com/forum/r20474302-Heads-Up-Debian-OpenSSL-RNG-Vuln-CVE20080166
  * http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html
  * http://rt.openssl.org/Ticket/Display.html?id=521&user=guest&pass=guest
  * http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html
  * http://metasploit.com/users/hdm/tools/debian-openssl/

==== Reflection ====

  * http://blog.zakame.net/news/wheres-the-open
  * http://changelog.complete.org/posts/714-Thoughtfulness-on-the-OpenSSL-bug.html
  * http://www.aigarius.com/blog/2008/05/14/too-similar-to-be-different/
  * http://blog.drinsama.de/erich/en/linux/2008051401-debian-openssl-desaster.html
  * http://www.wgdd.de/?p=51

==== Diagnosis ====

  * http://feeds.feedburner.com/~r/UbuntuTutorials/~3/289661396/
  * http://daviey.mooo.com/blogroll/weak-ssh-key.html
  * Key and certificate conversions: http://www.imsc.res.in/~kapil/blog/floss/converting-keys-2008-05-15-12-14.html

==== Solutions ====

  * http://wiki.debian.org/SSLkeys
  * http://roland.entierement.nu/blog/2008/05/15/branle-bas-sshssl.html
  * http://blog.zakame.net/news/openssl-remote-dsa-1571
  * http://lucumr.pocoo.org/cogitations/2008/05/13/command-of-the-day/
  * Disable DSA:
  * (Must read): http://etbe.coker.com.au/2008/05/18/debian-ssh-problems/
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481133

==== Attacks ====

  * http://community.livejournal.com/lbello_english/8799.html
  * http://www.lucianobello.com.ar/post/the-root-of-all-mistake-the-overgeneralization/