Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Jan 2016 19:12:37 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms

On Wed, 20 Jan 2016 11:07:19 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> Yes it would be bad:
> 
> https://blog.shodan.io/duplicate-ssh-keys-everywhere/
> 
> There was another analysis with even more worrying numbers but I
> can't find it.

Not sure if that's what you meant, but may be:
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

The more worrying part of that one is that they have not only found
these in the wild, they also extracted the private keys from publicly
available firmware images (and afaik plan to publish them).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.