SANS YELLOW ALERT!

A yellow alert has not been issued by SANS.org since the SQL Slammer Worm surfaced at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within ten minutes. This is a big one! Pay attention Debian-Linux SSH and SSL key users! This means U!

Direct from www.sans.org

INFOCon yellow: update your Debian generated keys/certs ASAP
Published: 2008-05-15,
Last Updated: 2008-05-15 15:30:39 UTC

by Bojan Zdrnja (Version: 2)

As you can see, we raised the INFOCon level to yellow. The main idea behind INFOCon is to protect the Internet infrastructure at large, and the development on automated scripts exploiting key based SSH authentication looks like a real threat to SSH servers around the world (any SSH server using public keys that were generated on a vulnerable Debian machine – meaning – the keys had to be generated on a Debian machine between September 2006 and 13th of May 2008).

Note: 'Debian' in the above paragraph refers to any Debian-based Linux distribution including Ubuntu.


Scripts that allow brute forcing of vulnerable keys (see this as rainbow tables for SSH keys) are in the wild so we would like to remind all of you to regenerate SSH keys ASAP.

Please keep in mind that SSL certificates should be regenerated as well. This can be even more problematic if you had your certificates signed since you'll have to go through this process again (and possibly pay money again).

More information is available in our previous diaries:

http://isc.sans.org/diary.html?storyid=4420

http://isc.sans.org/diary.html?storyid=4414

--
Bojan

Posted on 26 Jun 2008, 15:57 - Category: MicroShaft
Edit - Delete


Comments:

Posted on 16 May 2008, 9:56 by Grrly
Woah not again
Bad again on SSH. Why are so many exploits possible? Is software compiled that poorly it can be hacked at any time? I just don't get it! Well I'm not shopping online for a while! Word!
Delete



Add Comment

Title
Author
 
Content
Show Smilies
Security Code juC2zuG2
Password (So people cannot steal your identity)
 





The YourDataCenter™ Family Includes:
YourDataCenter.com - Domains4hosting.com - NewPoseidonGames.com
HuntMyIP.com - SSLoptions.com - IfUsay.so - ComputerRepair11581.com
FreewareLoft.com - HostLongIsland.com - YDCcloud.com - YDCwebHost.com

©2017- Your Data Center Incorporated, All Rights Reserved.