On 5/15/08, Mark Carlson <[EMAIL PROTECTED]> wrote:
> If you don't have any password-less logins set up, no need to
>  worry (unless you generated your own SSL certs on these systems, which
>  is also affected, so regenerate those too.)
>
>  http://isc.sans.org/diary.html?storyid=4420
>
>  The meat of it:
>
>  "It is obvious that this is highly critical – if you are running a
>  Debian or Ubuntu system, and you are using keys for SSH authentication
>  (ironically, that's something we've been recommending for a long
>  time), and those keys were generated between September 2006 and May
>  13th 2008 then you are vulnerable. In other words, those secure
>  systems can be very easily brute forced. What's even worse, H D Moore
>  said that he will soon release a brute force tool that will allow an
>  attacker easy access to any SSH account that uses public key
>  authentication."
>
>  Whoops!  If your SSH port faces the outside world and you have a
>  vulnerable key, this basically means that all someone has to do is
>  guess your username and a flurry of connection attempts later...
>  owned!  (And may $deity help you if you have a key set up for root!)
>
>  Do not delay.  Get the updated version and regenerate your keys NOW!
>
>  -Mark C.
>

To follow up:

ISC bumped up the "INFOCon" level as a result of this (green -> yellow.)

http://isc.sans.org/diary.html?storyid=4421

-Mark C.

_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
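A toy model of the failure mode discussed in this thread, added here as an example (it is not from the original mails, nor from Debian's or OpenSSL's code): if the only entropy feeding the key generator is the process ID, the whole keyspace per key size is under 2**15 keys, so an attacker can precompute every key and a defender can blocklist every fingerprint. The PID-seeded generator, the PID_MAX bound, the sample authorized_keys file and the key comments are all constructed for the illustration; the "keys" are ssh-rsa-shaped blobs, not real RSA keys.

```python
"""Toy model of an enumerable keyspace and a fingerprint blocklist check.
Added example: the generator below is a constructed stand-in, not the
actual Debian OpenSSL PRNG, and the keys are not real RSA keys."""
import base64
import hashlib
import struct

# Constructed assumption: the generator's only entropy is a 15-bit PID,
# so every (type, size) keyspace has fewer than 2**15 members.
PID_MAX = 32768


def ssh_blob(*fields: bytes) -> bytes:
    """Encode fields as SSH 'string' values (uint32 length + bytes)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def toy_keygen(pid: int, bits: int = 2048) -> bytes:
    """Stand-in for a key generator seeded only by PID.  Returns an
    ssh-rsa-shaped public blob (type, e, n) whose 'n' is a hash stream
    derived from the PID.  The point is that it is a deterministic
    function of a tiny seed, exactly what makes precomputation feasible."""
    seed = hashlib.sha256(b"toy-prng:%d:%d" % (pid, bits)).digest()
    n = b""
    ctr = 0
    while len(n) < bits // 8:
        n += hashlib.sha256(seed + struct.pack(">I", ctr)).digest()
        ctr += 1
    e = (65537).to_bytes(3, "big")
    return ssh_blob(b"ssh-rsa", e, n[: bits // 8])


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def build_blocklist(sizes=(1024, 2048)) -> set:
    """Walk every seed and precompute every possible key.  An attacker does
    this to get the matching private keys and tries each against sshd; a
    defender does it to refuse any public key whose fingerprint is listed."""
    return {fingerprint(toy_keygen(pid, bits))
            for pid in range(1, PID_MAX) for bits in sizes}


def parse_authorized_keys(text: str):
    """Yield (keytype, blob, comment) per key line.  Skips blank and comment
    lines and any leading options field.  Caveat: options containing
    spaces (command="a b") are not handled by this simple split."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        for i, tok in enumerate(parts):
            if tok.startswith(("ssh-", "ecdsa-")) and i + 1 < len(parts):
                yield tok, base64.b64decode(parts[i + 1]), " ".join(parts[i + 2:])
                break


def find_weak_keys(authorized_keys: str, blocklist: set) -> list:
    """Return [(fingerprint, comment)] for every key found in the blocklist."""
    hits = []
    for _keytype, blob, comment in parse_authorized_keys(authorized_keys):
        fp = fingerprint(blob)
        if fp in blocklist:
            hits.append((fp, comment))
    return hits


def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()


# Constructed sample: one key from the toy weak generator (PID 1234) and one
# whose modulus bytes do not come from the PID-seeded stream.
STRONG_BLOB = ssh_blob(b"ssh-rsa", (65537).to_bytes(3, "big"),
                       hashlib.sha256(b"constructed strong key").digest() * 8)
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed ~/.ssh/authorized_keys",
    "ssh-rsa " + _b64(toy_keygen(1234)) + " weak@debian-box",
    "no-pty ssh-rsa " + _b64(STRONG_BLOB) + " ok@laptop",
])

BLOCKLIST = build_blocklist()

if __name__ == "__main__":
    for fp, comment in find_weak_keys(SAMPLE_AUTHORIZED_KEYS, BLOCKLIST):
        print("WEAK KEY:", comment, fp)
```

The blocklist for two key sizes is only ~65k fingerprints and takes about a second to build, which is the whole story: a keyspace that small is precomputed once and then tried against any server that accepts public-key auth. Checking authorized_keys is only half the job; the private keys on clients and any TLS certificates generated on affected hosts need regenerating too, as the quoted mail says.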