Red Hat Security Blog: September 2015 archives

  • Important security notice regarding signing key and distribution of Red Hat Ceph Storage on Ubuntu and CentOS

    Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure. download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS operating systems. Those product versions were signed with an Inktank signing key (id 5438C7019DCEEEAD). ceph.com provided the upstream packages for the Ceph community versions signed with a Ceph...
    Posted 2015-09-17T12:00:00+00:00 - 0
  • Factoring RSA Keys With TLS Perfect Forward Secrecy

    What is being disclosed today? Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization), an attacker might be able to recover the private key from the signature (an “RSA-CRT key leak”). At the time, use of cryptography on the Internet was uncommon, and even ten years later, most TLS (or HTTPS) connections were immune...
    Posted 2015-09-02T13:30:48+00:00 - 0