Weakness: Hackers can eye Unix/Linux keystroke information

SecurityFocus reports that a weakness has been discovered in the entropy pool implemented by the /dev/random device on various Unix-derived operating systems. "The problem occurs when the pool has been emtpied, and the entropy mechanism begins to the seed the pool with a source of pseudo-random data."

It has been discovered that due to keystrokes from the console being a source of seeding the entropy pool, it may be possible for an attacker to deduce a user's keystrokes.

A list of vulnerable systems can be found at http://www.securityfocus.com/bid/8425/info/

Join the newsletter!

Error: Please check your email address.

More about SecurityFocus

Show Comments