No Comment

Seeing as how I like to bash Windows now and then, I thought it would only be fair for me to note a colossal security flaw in the Debian Linux distribution (which is the basis for, among other things, Ubuntu, which I use) affecting the OpenSSL encryption software.  This isn’t a bug in OpenSSL itself; rather, it’s something that a Debian programmer did to it that amounts to, shall we say, an orchiectomy.  Basically, in order to stop some code debugging/profiling tools from complaining, somebody commented out a line of code that was evidently responsible for supplying entropy (the randomness needed to generate an unguessable encryption key).  Oopsie.  As this is not a technology blog (and I am far from a cryptography expert), I won’t get into the nitty-gritty of what happened; for those who are interested and are of a technical bent, some good articles are here and here (and here, too).

You might’ve heard of SSL.  It’s what’s used to, among other things, broker secure (“https”) connections to web sites.  I’m not sure how bad I made this issue sound, but however bad you think it is, it’s actually worse.  (On the other hand, being open source software, we at least actually know what happened to it.)

And I still don’t have a virus, Google.
