Re: Any special preparations in anticipation of KB2661254 (Key Length) patch?

[Gary Flynn <flynngn () JMU EDU>]

I notified folks I thought would have embedded
devices such as alarm systems, lab equipment,
environmental controls, vending, and networking.

I don't know what common vendor practice is
or has been with self signed certificates but
many systems come with them by default and older
ones might default to a small key size.


Hanson, Mike wrote:
> Marty,
>
> I emailed our server admins asking them to go through all their server
> certs to make sure they were o.k.. We found a couple on admin interfaces
> for commercial software.
>
> I also notified out techs that they may be seeing issues out in the field.
> I have not talked to our help desk yet.
>
> It is hard to tell how big of deal this will become.
>
>
> Mike Hanson, CISSP
> Network Security Manager
> The College of St. Scholastica
> Duluth, MN 55811
>
>
>
>
>
>
> On Wed, Sep 12, 2012 at 1:53 PM, Martin Manjak <mmanjak () albany edu> wrote:
>
> > MS will release their Update for Minimum Certificate Key Length to WSUS
> > next month.
> >
> > I'm curious about any special preparations anyone may have taken to
> > identify certs within their domains that may not meet the new minimum
> > key length standard (1024).
> >
> > Embedded devices, if using SSL, come to mind as a potential source of
> > problems.
> >
> > Also, is anyone briefing their Help Desk staff on how to respond to
> > callers who report that they can't connect to sites because of the new
> > requirement?
> >
> > It's hard to tell how much is going to break with this update.
> > Marty
> >
> > --
> >
> > Martin Manjak
> > CISSP, GIAC GSEC-G
> > Information Security Officer
> > University at Albany
> > MSC 209 518/437-3813
> >
> > The University at Albany will never ask you to reveal your password.
> > Please ignore all such requests.


--
Gary Flynn
Security Engineer
James Madison University

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature