boxbackup ========= Boxbackup is not present in Debian stable, only in testing/Lenny.
Upstream has published a first impact analysis of key material created on system with insufficient random PRNG. You can read the details here: http://lists.warhead.org.uk/pipermail/boxbackup/2008-May/004476.html If the PRNG in your OpenSSL was insufficiently random, you need to: * Regenerate all affected certificates, which have been generated or signed on an affected system * Regenerate all the data keys (*-FileEncKeys.raw) * Destroy the data stored on your server to an appropriate level of security (overwrite with zeros at the least, more if you're paranoid) * Upload everything again * Take appropriate measures under the assumption that you have been storing your data in plain text on a public server without authentication. (ie, start from scratch, destroying all trace of the backed up data, and take other measures to mitigate the exposure of your secrets) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
