Debian’s OpenSSL = No Encryption
by The Uni-Hacker on May.14, 2008, under Security
Debian developers deleted the code that seeded random numbers to generate cryptographic keys, so the random numbers are predictable and everything is in the clear. Debian Security Advisory DSA-1571-1 states: “Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.”
The vulnerability only exists in Debian and Debian-derived Linux systems such as Ubuntu, Kubuntu and Xubuntu.
Notice that Debian has already released a patch, which is available via apt-get. Microsoft would have taken at least a month to release such a patch, and this took less than a week.
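Why a predictable seed matters to defenders, as an added example (not code from the original post, Debian or OpenSSL): a toy generator whose only varying input is a process ID, which is an assumption made for illustration, can produce so few keys that all of them can be enumerated and every deployed key checked against that list. `toy_keygen`, `PID_MAX` and the sample inventory are constructed for this example.

```python
import hashlib
import os

PID_MAX = 32768  # assumed seed space for this example (default Linux pid_max)


def toy_keygen(pid, nbytes=16):
    """Constructed stand-in for a key generator whose only varying input is
    the process ID, i.e. a PRNG that was never properly seeded."""
    return hashlib.sha256(b"toy-keygen" + pid.to_bytes(4, "big")).digest()[:nbytes]


def fingerprint(key):
    """Hex SHA-256 of the key material, used as the blocklist entry."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist():
    """Enumerate every key the weak generator can produce."""
    return {fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX)}


def audit(deployed, blocklist):
    """Return the names of deployed keys that must be regenerated."""
    return sorted(n for n, k in deployed.items() if fingerprint(k) in blocklist)


# Constructed inventory: one key from the weak generator, one from the OS CSPRNG.
DEPLOYED = {
    "host-a": toy_keygen(4242),
    "host-b": os.urandom(16),
}

if __name__ == "__main__":
    blocklist = build_blocklist()
    print(len(blocklist), "possible weak keys")
    print("regenerate:", audit(DEPLOYED, blocklist))
```

Installing the patched package only fixes future key generation; keys already produced by the weak generator stay weak until they are regenerated, which is why an audit of this kind is needed.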