HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 11 MINUTES AGO.
You are here: Home / Best of the Best: Tech Blog Roundup
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Home > Tech Blogs  Flag for objectionable content? Flag for Objectionable Content?
Average Rating:
Rate this article:  
Slashdot: LibreSSL PRNG Vulnerability Patched
2014-07-16 2:31pm -07:00T Visit Slashdot


Outtake:

msm1267 writes: The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG). The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a "catastrophic failure of the PRNG." OpenBSD founder Theo de Raadt and developer Bob Beck, however, countered saying that the issue is "overblown" because Ayer's test program is unrealistic. Ayer's test program, when linked to LibreSSL and made two different calls to the PRNG, returned the exact same data both times. "It is actually only a problem with the author's contrived test program," Beck said. "While it's a real issue, it's actually a fairly minor one, because real applications don't work the way the author describes, both because the PID (process identification number) issue would be very difficult to have become a real issue in real software, and nobody writes real software with OpenSSL the way the author has set this test up in the article."

Share on Google+

Read more of this story at Slashdot.


Read More on Slashdot...


  © Copyright 2014 Slashdot. All rights reserved. If you've enjoyed this content, please visit Slashdot to show your appreciation.

Information for Bloggers
 

Latest Blog Entries from Slashdot:
US Patent Office Seeking Consultant That Can Stamp-out Fraud By Patent Examiners
US Scientists Predict Long Battle Against Ebola
Why Atheists Need Captain Kirk
The Future According To Stanislaw Lem
Justice Sotomayor Warns Against Tech-Enabled "Orwellian" World
Latest Tech Blogs from around the Blogosphere:
hack a day: THP Hacker Bio: AKA
Content Digitization QA: Recording from the webinar on “No One Left Behind – Let’s Embrace Accessibility Testing”
Content Digitization QA: Recording from the webinar on “No One Left Behind – Let’s Embrace Accessibility Testing”
Content Digitization QA: Recording from the webinar on “No One Left Behind – Let’s Embrace Accessibility Testing”
Content Digitization QA: Recording from the webinar on “No One Left Behind – Let’s Embrace Accessibility Testing”

NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.