Date: Wed, 20 Jan 2016 19:12:37 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms

On Wed, 20 Jan 2016 11:07:19 -0700
Kurt Seifried <kseifried@...hat.com> wrote:

> Yes it would be bad:
>
> https://blog.shodan.io/duplicate-ssh-keys-everywhere/
>
> There was another analysis with even more worrying numbers but I
> can't find it.

Not sure if that's what you meant, but may be:
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

The more worrying part of that one is that they have not only found
these in the wild, they also extracted the private keys from publicly
available firmware images (and afaik plan to publish them).

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42