Weakness: Hackers can eye Unix/Linux keystroke information

SecurityFocus reports that a weakness has been discovered in the entropy pool implemented by the /dev/random device on various Unix-derived operating systems. "The problem occurs when the pool has been emtpied, and the entropy mechanism begins to the seed the pool with a source of pseudo-random data."

It has been discovered that due to keystrokes from the console being a source of seeding the entropy pool, it may be possible for an attacker to deduce a user's keystrokes.

A list of vulnerable systems can be found at http://www.securityfocus.com/bid/8425/info/

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about SecurityFocus

Show Comments