OpenSSL Vulnerability


A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH.

(more…)

Securing Xen in a Distributed Environment


Xen is one of the newest virtualization platforms available that can securely run multiple virtual guest servers, each running its own operating system, on a single physical system with close to native performance.  It is available on many Linux platforms as an open source application and directly from XenSource Inc. 

(more…)

Act Now To Prevent Data Breaches


After twelve months of increasingly dramatic press headlines about failures to safeguard personal data records, it’s time to assess the size of the issue and identify best practice steps for reducing the incidence of, and damage caused by, these data breaches.

The IT Governance Data Breaches Report identifies that spectacular data breaches, such as the UK’s HMRC CD-Rom fiasco and the prolonged theft of TK Maxx credit card records, are not caused by the misdemeanor of a junior employee but arise, rather, from systemically inadequate information security arrangements at the organizations where the incident occurs.

(more…)

What Version of Debian Am I Running?


On a Debian system, the file `/etc/debian_version’ contains the release name of the Debian installed.

Use cat to output the contents of this file (see Concatenating Text).

* To output the release name of the Debian system you are on, type:

$ cat /etc/debian_version

NOTE: Debian releases have historically been named after characters from the motion picture Toy Story.