Security experts confirm Linux vulnerability

Security experts have confirmed a suspected vulnerability in the Debian and Ubuntu Linux operating systems.

Application vulnerability specialist Fortify Software confirmed the findings of a research posting to the Debian security list last week, which details a critical security vulnerability in the OpenSSL packages within Debian and Ubuntu.

Fredrick Lee, a researcher with Fortify, said that the posting actually understates the potential seriousness of the flaw, which affects the Open Secure Sockets Layer.

"We're calling this vulnerability `insecure randomness' since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions," he said.