this post was submitted on 12 May 2024
5 points (100.0% liked)

Security

5018 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
 

Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166?

https://mastodon.social/@hanno/112427156548148984

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here