Presented at
DEF CON 16 (2008),
Aug. 9, 2008, 1 p.m.
(50 minutes).
Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn). We will talk about this bug, its discovery and publication, its consequences, and exploitation. As well, we will demonstrate some exploitation tools.
Presenters:
-
Luciano Bello
- Engineer (Information Systems),CITEFA/Si6
Luciano Bello is an Engineer (Information Systems) and works as a researcher at CITEFA's Si6 Information Security Labs in Buenos Aires, Argentina. He has been a Debian Developer since 2007.
-
Maximiliano Bertacchini
- Researcher, CITEFA/Si6
Maximiliano Bertacchini is a PhD student in Computer Engineering at ITBA (Technological Institute of Buenos Aires). He is a researcher at CITEFA's Si6 Information Security Labs in Buenos Aires, Argentina.
Links:
Similar Presentations: