Ubuntu 8.10 Password Bug

Hello everybody, today while I was entering my password at my Ubuntu 8.10 login desktop, by mistake I entered one character more than the actual password. Voila! I had successfully logged on to my user desktop. Everything was working fine. I noticed this was also the case when using administrative applications in ‘System -> Administration’. It also exists for ‘sudo’ (root user) commands used in the terminal. This is a big security vulnerability.

The login is successful whenever the password is entered correctly up to eight characters (or fewer for shorter passwords), irrespective of the length of the password.

Login is unsuccessful if the password is entered wrong up to the eighth character.

Suppose my password is ‘calculator’.

Entering any of the following passwords will give a successful login:

  1. calculater
  2. calculatexor
  3. calculat

Many other combinations are possible. The only condition is that the password should be correct up to eight characters, or fewer for a shorter password.

I didn’t find any bug in Launchpad regarding this. So I have filed a bug. Click here to view the status of the bug at Launchpad.
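
One known source of exactly this behaviour is the traditional DES-based crypt(3) hash, which uses only the first eight characters of a password; the post does not identify the cause on this system, so treating it as the cause is an assumption. The following Python script is an added example, not part of the original post: it audits shadow-format lines for hash schemes that ignore input past a fixed length and checks the ‘calculator’ attempts listed above against an eight-character limit. The sample lines, hash strings and function names are constructed for illustration.

```python
import re

# Traditional DES crypt: exactly 13 chars from the crypt alphabet, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# (prefix, scheme, number of password bytes the scheme actually uses; None = all)
PREFIXES = [("$1$", "md5crypt", None), ("$5$", "sha256crypt", None),
            ("$6$", "sha512crypt", None), ("$y$", "yescrypt", None),
            ("$2a$", "bcrypt", 72), ("$2b$", "bcrypt", 72), ("$2y$", "bcrypt", 72)]

def classify(field):
    """Map a shadow password field to (scheme, significant_bytes)."""
    if not field or field[0] in "!*":
        return ("locked-or-empty", None)
    if DES_RE.match(field):
        return ("descrypt", 8)
    for prefix, scheme, limit in PREFIXES:
        if field.startswith(prefix):
            return (scheme, limit)
    return ("unknown", None)

def audit(shadow_text):
    """Return [(user, scheme, limit)] for accounts whose hash truncates input."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        scheme, limit = classify(fields[1])
        if limit is not None:
            findings.append((fields[0], scheme, limit))
    return findings

def same_under_limit(real, attempt, limit):
    """True when two passwords are indistinguishable to a scheme with this limit."""
    return real.encode()[:limit] == attempt.encode()[:limit]

# Constructed sample lines; the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:ab0123456789A:14250:0:99999:7:::
bob:$6$constructedsalt$CONSTRUCTEDHASHPLACEHOLDER:14250:0:99999:7:::
carol:$2b$12$CONSTRUCTEDBCRYPTPLACEHOLDER:14250:0:99999:7:::
dave:!:14250:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE):
        print(f"{user}: {scheme} uses only the first {limit} bytes of the password")
    for attempt in ("calculater", "calculatexor", "calculat", "calcXlator"):
        print(attempt, same_under_limit("calculator", attempt, 8))
```

Accounts flagged as `descrypt` need their password re-set after the system's hashing scheme is changed, because the stored hash never covered anything past the eighth character.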

Verisign’s SSL Encryption Cracked: Online Shopping And Transactions Threatened

With the help of 200 PS3s, a team of security researchers was able to break Verisign’s SSL encryption. The Cell processors in the PS3s were very much capable of exploiting the SSL algorithm. The SSL encryption uses MD5 hashes to create a code and detect whether the data has been modified after it was transmitted. This way any hacker attack could be prevented. But the demonstration by the group showed how the power of improved hardware capabilities could be easily used to attack almost any transaction on the internet.

Using the hardware, the group was able to create fake security certificates that behaved like the actual ones. The website demonstrated was RapidSSL. So now it’s time for websites to do away with MD5. But there is no need to worry as of now; the details of the attack are still with the researchers. It is almost impossible for anybody to do such an attack, even though the possibility is not eliminated. With increased computing power like CUDA, it’s possible.

What websites should look at is changing their security to a more advanced level. We should hope that researchers create better encryption. There’s nothing that cannot be cracked, but improving the security level is the only way to stop the attacks. It is time to take security seriously with such increased computing power. What should we do? See to it that the website has a valid security certificate. It is denoted by a yellow lock on your browser address bar.

So be awake with eyes wide open the next time you go shopping. So will you go for online shopping, online banking or any transactions now? Of course you can.