There’s been a lot of discussion about a Debian bug going around.
The bug affects SSL certificates on servers, which means visiting a compromised server could leave your info in the open, without you having the faintest idea.
Here’s a quick rundown:
“All RSA & DSA keypairs generated with OpenSSL on affected systems (any Debian-based system between roughly Sep-17-2006 and May-13-2008) are trivial to guess. The fix is not so simple. After updating OpenSSL on an affected system, you need to figure out if any of your crypto keys are affected.” [...] “You need to regenerate all such keys and replace your SSL certificates as well.”
That’s all very techy, but if you’re running a Debian server, you know exactly what’s up.
Now there’s a handy Firefox extension that will alert you when visiting a potentially compromised site. The extension works a little magic in the background to determine if the SSL certificate you’re trusting to keep your transaction safe is one which could be dangerous, thus giving you a little added protection from the rough and ragged world of cybercrime.
You can download it here.
[via codefromthe70s]
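How a check like this can work, as an added example (not the extension's code and not from the original post): because the affected keys are guessable, every one of them can be listed ahead of time and a key compared against that list. The generator below is a toy stand-in with a 15-bit seed, not real RSA; the seed size, all names and the inventory are assumptions constructed for this sketch.

```python
import hashlib
import random
import secrets

SEED_SPACE = 2 ** 15  # assumption of this toy model: the only seed is a small integer

def weak_modulus(seed: int) -> int:
    """Toy stand-in for key generation on an affected system (not real RSA)."""
    rng = random.Random(seed)  # everything derives from `seed`, so output repeats
    p = rng.getrandbits(64) | (1 << 63) | 1
    q = rng.getrandbits(64) | (1 << 63) | 1
    return p * q

def strong_modulus() -> int:
    """Same toy construction, seeded from the operating system's CSPRNG."""
    p = secrets.randbits(64) | (1 << 63) | 1
    q = secrets.randbits(64) | (1 << 63) | 1
    return p * q

def fingerprint(modulus: int) -> str:
    """Truncated hash of the public modulus: the value the blocklist stores."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()[:20]

# Enumerate every key the weak generator can ever produce. This is feasible only
# because the seed space is tiny, which is also what makes the keys guessable.
BLOCKLIST = frozenset(fingerprint(weak_modulus(s)) for s in range(SEED_SPACE))

def is_weak(modulus: int) -> bool:
    return fingerprint(modulus) in BLOCKLIST

def audit(inventory: dict) -> list:
    """Return the names whose keys must be regenerated and certificates reissued."""
    return sorted(name for name, n in inventory.items() if is_weak(n))

# Constructed inventory: two keys from the weak generator, one properly seeded.
INVENTORY = {
    "www.example.test": weak_modulus(4242),
    "mail.example.test": weak_modulus(31337),
    "vpn.example.test": strong_modulus(),
}

if __name__ == "__main__":
    print("regenerate:", audit(INVENTORY))
```

Updating the generator does not change the result for keys that already exist, which is why the quoted advice is to find and regenerate them.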