Message-ID: <20160120191237.55100e02@pc1>
Date: Wed, 20 Jan 2016 19:12:37 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms
On Wed, 20 Jan 2016 11:07:19 -0700
Kurt Seifried <kseifried@...hat.com> wrote:
> Yes it would be bad:
>
> https://blog.shodan.io/duplicate-ssh-keys-everywhere/
>
> There was another analysis with even more worrying numbers but I
> can't find it.
Not sure if that's what you meant, but maybe:
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
The more worrying part of that one is that they have not only found
these in the wild, they also extracted the private keys from publicly
available firmware images (and afaik plan to publish them).
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42