16 May 2008

A major security hole was announced on May 13, 2008 in the pseudorandom number generator (PRNG) of the Debian version of OpenSSL, one of the most used cryptographic programming libraries. The problem affects all the Debian-based GNU/Linux distributions, like Ubuntu and Knoppix, that was used to create SSL/TLS keys since September 17, 2006. The bug was discovered by Luciano Bello, a Debian package maintainer. (read the rest on WikiNews...)

This bug affects Organic Design because our servers are Debian and workstations Ubuntu, but all have been updated now and the compromised keys regenerated. The problem affected the MediaWiki SVN users as well because it uses SSH keys for authentication, so anyone's keys that were generated on affected systems had to be replaced including ours.