oss-sec mailing list archives
Re: Prime example of a can of worms
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 20 Jan 2016 19:12:37 +0100
On Wed, 20 Jan 2016 11:07:19 -0700 Kurt Seifried <kseifried () redhat com> wrote:
Yes it would be bad: https://blog.shodan.io/duplicate-ssh-keys-everywhere/ There was another analysis with even more worrying numbers but I can't find it.
Not sure if that's what you meant, but may be: http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html The more worrying part of that one is that they have not only found these in the wild, they also extracted the private keys from publicly available firmware images (and afaik plan to publish them). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Hanno Böck (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- Re: Prime example of a can of worms Steve Grubb (Jan 21)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- <Possible follow-ups>
- Re: Prime example of a can of worms Andrew Gallagher (Jan 21)
- Re: Re: Prime example of a can of worms Steve Grubb (Jan 22)