Table des matières
Openssl
Analyse :
Réflexion
Diagnostic
Solutions
Attaques
Openssl
http://lists.debian.org/debian-security-announce/2008/msg00152.html
http://www.ubuntu.com/usn/usn-612-2
http://security.debian.org/project/extra/dowkd/
http://www.debian.org/security/key-rollover/
RFH :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332498
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://rt.openssl.org/NoAuth/Buglist.html
Analyse :
http://lwn.net/Articles/281901/
http://lwn.net/Articles/282038/
http://lwn.net/Articles/282230/
http://www.dslreports.com/forum/r20474302-Heads-Up-Debian-OpenSSL-RNG-Vuln-CVE20080166
http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html
http://rt.openssl.org/Ticket/Display.html?id=521&user=guest&pass=guest
http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html
http://metasploit.com/users/hdm/tools/debian-openssl/
Réflexion
http://blog.zakame.net/news/wheres-the-open
http://changelog.complete.org/posts/714-Thoughtfulness-on-the-OpenSSL-bug.html
http://www.aigarius.com/blog/2008/05/14/too-similar-to-be-different/
http://blog.drinsama.de/erich/en/linux/2008051401-debian-openssl-desaster.html
http://www.wgdd.de/?p=51
Diagnostic
http://feeds.feedburner.com/~r/UbuntuTutorials/~3/289661396/
http://daviey.mooo.com/blogroll/weak-ssh-key.html
Conversions de clefs, certificats :
http://www.imsc.res.in/~kapil/blog/floss/converting-keys-2008-05-15-12-14.html
Solutions
http://wiki.debian.org/SSLkeys
http://roland.entierement.nu/blog/2008/05/15/branle-bas-sshssl.html
http://blog.zakame.net/news/openssl-remote-dsa-1571
http://lucumr.pocoo.org/cogitations/2008/05/13/command-of-the-day/
Désactiver DSA :
(À lire) :
http://etbe.coker.com.au/2008/05/18/debian-ssh-problems/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481133
Attaques
http://community.livejournal.com/lbello_english/8799.html
http://www.lucianobello.com.ar/post/the-root-of-all-mistake-the-overgeneralization/