A friend of mine, Tibun, offered me the domain name 'debianubuntu.org'. That's one more on my ever growing collection of domain names that I don't know how to use.

I'm looking on opinions/ideas. Preferable, I would like to do something for Debian and Ubuntu aswell.

Help me out!

Tiago

Well, things have finally calmed down regarding the OpenSSL problems. Not that it's necessarily bad to see that many posts and news. One can actually think it's a good things problem are addressed and discussed, but I was starting to get tired of reading nothing more than a bunch of complaints.

News flash: Shit happens!

I actually had a big text about the package maintainer, the severity of the problem, etc, etc, etc written, but it's better to just be quiet, since I can't do it any better.

Exploitation

After reading so much about it, I was intrigued on how <em>super-easy-because-of-the-32,767-possible-outcomes</em> to crack attack would work, and hdm (from Metaploit) answered them on a great paper:

http://metasploit.com/users/hdm/tools/debian-openssl/

The keys were generated and made available:

http://sugar.metasploit.com/debian_ssh_dsa_1024_x86.tar.bz2
http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2

And a script to use them has been published to Metasploit:

http://milw0rm.com/exploits/5622

After giving it a try on a unpatched virtual machine, I understood the real severity of the problem.

Hi everyone,

This is just a 'Hello' to all readers and members of this website. I've been a reader for quite some time, but for some weird reason, I only registered today.

I would also like to thank everyone that makes this site THE best Debian (and sometimes Ubuntu) resource on the Internet.

Thank you Steve for creating the project!

Tiago