In recent months, Comodo has been hacked repeatedly
, DigiNotar was
and the security of CAs as a whole has been found to be not
. The consensus finally seems to be shifting from the
notion that CAs are merely a ripoff, to the notion that they are a ripoff,
a security problem, and that we want them dead as immediately as possible.
The only question that remains is how to replace them.
-- Moxie Marlinspike
Disclosing security vulnerabilities is good for security and good for
society, but vendors really hate it. It results in bad press, forces them
to spend money fixing vulnerabilities, and comes out of nowhere. Over the
past decade or so, we've had an uneasy truce between security researchers
and product vendors. That truce seems to be breaking down.
The next problem we hit was pam_securid seems to be running netstat under
the covers. I recall we had this problem with the Netscape Certificate
libraries. They used to execute netstat in order to generate entropy when
using certificates, so I figure this is what is going on here. I also see
the sshd executing ps? Probably for the same reason.
RSA guys, please use /dev/urandom and /dev/random.
-- Dan Walsh debugs some problems that were causing RSA to recommend turning off SELinux