Good description of the Debian/Ubuntu security flaw

Linux users often like to poke fun at Microsoft Windows for being prone to security attacks. Now the joke’s on Linux users, or at least on Debian and Ubuntu ones. It seems that for over two years these distros were creating their SSH, OpenVPN and other OpenSSL-generated keys using entropy that wasn’t quite entropic. Thus, the keys are easily guessable: a colossal security mistake.

My friend Mike B. sent me a link to DailyTech’s excellent description of the gaffe. It’s well worth a read.