Home News Enterprise Computing Enterprise Business A Critical Security Bug in Tarsnap

A Critical Security Bug in Tarsnap

The author of tarsnap ("online backups for the truly paranoid") has sent out an advisory describing a "critical" security bug in versions 1.0.22 through 1.0.27. "It may be possible for me, Amazon, or US government agencies with access to Amazon's datacenters to decrypt data stored with those versions of Tarsnap. This is an absolutely unacceptable compromise of Tarsnap's security principles, and I sincerely apologize to everyone affected." The posting describes how to respond to the problem and is an interesting discussion of how easily things can go wrong in security-related code.

Read more at LWN


Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board