I'm not sure I see why this is difficult to exploit in a MITM attack or why the timing is difficult.
It would be easy to build a simple tool to MITM people who execute reseed(8) while connected to an open wireless network (e.g., at Starbucks). The automated tool could wait for a call to reseed(8) and when one is detected, automatically mount a MITM attack. This eliminates any difficulty of "timing" the attack and provides the attacker all necessary MITM access. Also, if the attacker can successfully mount a DNS hijacking attack on the random.org domain name, then that would provide an alternative attack avenue that also eliminates those difficulties.

I'm not familiar with the criteria for assigning an importance of 'Low', but I wanted to share this additional information to help you triage this bug.

--
https://bugs.launchpad.net/bugs/804594

Title:
  reseed(8) performs HTTP fetch of data from random.org