15 May
2008
15 May
'08
1:40 a.m.
Clint Dilks wrote:
Hi People,
I know this may seem off topic, but I thought for those of us who might have Debian users generating key pairs that they put on CentOS systems people should be aware that
everybody who generated a public/private keypair or an SSL cert request on Debian or Ubuntu from 2006 on is vulnerable
I've been following this story too after reading about it on SANS Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4414
I wonder how far reaching this is. One wonders if any of the trusted root CAs have issued vulnerable certs as a result.