"In a first, cryptographic keys protecting SSH connections stolen in new attack"
(arstechnica.com)
from indepndnt@lemmy.world to cybersecurity@infosec.pub on 14 Nov 2023 15:39 +0000
https://lemmy.world/post/8250030
from indepndnt@lemmy.world to cybersecurity@infosec.pub on 14 Nov 2023 15:39 +0000
https://lemmy.world/post/8250030
I read most of this article trying to determine if I was impacted, so to save you the trouble:
The researchers traced the keys they compromised to devices that used custom, closed-source SSH implementations that didn’t implement the countermeasures found in OpenSSH and other widely used open source code libraries.
#cybersecurity
You da real mvp
I migrated most of my keys to ed25519 a while ago, I probably should keep going
tldr 1 in a million RSA keys are vulnerable