
SANS ISC: INFOCon yellow: update your Debian generated keys/certs ASAP


As you can see, we raised the INFOCon level to yellow. The main idea behind INFOCon is to protect the Internet infrastructure at large, and the development of automated scripts exploiting key-based SSH authentication looks like a real threat to SSH servers around the world. At risk is any SSH server using public keys that were generated on a vulnerable Debian machine, meaning the keys had to be generated on a Debian machine between September 2006 and 13th of May 2008.

Scripts that allow brute forcing of vulnerable keys (think of them as rainbow tables for SSH keys) are in the wild, so we would like to remind all of you to regenerate SSH keys ASAP.

Please keep in mind that SSL certificates should be regenerated as well. This can be even more problematic if you had your certificates signed, since you'll have to go through this process again (and possibly pay money again).

More information is available in our previous diaries:

http://isc.sans.org/diary.html?storyid=4420

http://isc.sans.org/diary.html?storyid=4414

--
Bojan
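
An added example (not part of the original diary): one way to find which entries in an `authorized_keys` file need replacing, by comparing each key's legacy MD5 fingerprint against a list of weak-key fingerprints. The function names, the sample keys and the weak list are constructed for illustration; a real audit would load an actual weak-key fingerprint list instead.

```python
import base64, binascii, hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types this audit examines

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint of a raw public-key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def decode_blob(keytype, b64):
    """Return the decoded blob if it embeds the type string `keytype`, else None."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    n = int.from_bytes(blob[:4], "big")  # length prefix of the embedded type string
    return blob if blob[4:4 + n] == keytype.encode() else None

def audit(text, weak_fingerprints):
    """Return [(line_number, fingerprint, comment)] for keys on the weak list."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so scan for "<type> <base64 blob>".
        for i, field in enumerate(fields[:-1]):
            blob = decode_blob(field, fields[i + 1]) if field in KEY_TYPES else None
            if blob is None:
                continue  # e.g. the words "ssh-rsa" inside a command="..." option
            fp = md5_fingerprint(blob)
            if fp in weak_fingerprints:
                hits.append((lineno, fp, " ".join(fields[i + 2:])))
            break
    return hits

def make_blob(keytype, body):
    """Build a constructed (not real) blob: uint32 length + type string + body."""
    return len(keytype).to_bytes(4, "big") + keytype.encode() + body

# Constructed sample data: these are not real keys or real fingerprints.
WEAK, GOOD = make_blob("ssh-rsa", b"weak-sample"), make_blob("ssh-rsa", b"good-sample")
SAMPLE = (
    "# constructed authorized_keys file\n"
    "ssh-rsa %s admin@newhost\n"
    'command="echo ssh-rsa test" ssh-rsa %s backup@old-debian\n'
) % (base64.b64encode(GOOD).decode(), base64.b64encode(WEAK).decode())
WEAK_LIST = {md5_fingerprint(WEAK)}  # stand-in for a real weak-key list
print(audit(SAMPLE, WEAK_LIST))
```

Any entry reported should be removed from the file and replaced with a key generated on a patched system.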

 

Just an FYI; http://isc.sans.org/infocon.txt at this time is still showing green. (11:33am EST)
Anonymous
