From: John Leo john...@checkssh.com
Subject: [FD] SSH host key fingerprint - through HTTPS
Date: Mon, 01 Sep 2014 12:41:17 +0800
This tool displays SSH host key fingerprint - through HTTPS.
SSH is about security; host key matters a lot here; and you can know
for sure by using this tool. It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3016-1 secur...@debian.org
http://www.debian.org/security/Florian Weimer
September 01, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3015-1 secur...@debian.org
http://www.debian.org/security/Florian Weimer
September 01, 2014
Hi,
On 1 Sep 2014, at 10:43, Stephanie Daugherty sdaughe...@gmail.com wrote:
Sure it shows me the fingerprint, but it doesn't tell me for sure if that's
the RIGHT fingerprint or the fingerprint of an imposter,
It's entirely possible that both myself and that site are BOTH falling
victim to
On 01/09/14 10:43, Stephanie Daugherty wrote:
Sure it shows me the fingerprint, but it doesn't tell me for sure if that's
the RIGHT fingerprint or the fingerprint of an imposter,
It's entirely possible that both myself and that site are BOTH falling
victim to a MITM attack.(routing attacks,
W dniu 01.09.2014 o 17:16, Chris Nehren pisze:
It's Monday and I haven't had my tea yet, so maybe I'm missing
something. What is it?
It rules out the possibility, that your ssh connection is being MITMed.
If key reported by your ssh client is different than key reported by
this website,
If your HTTPS is not being MiTMed as well... (or the edge case - if it
is not John Leo doing the MiTMing of your SSH connection :)
If you trust Mr Leo *and* you know what that HTTPS cert should look
like, it may be of use. Personally, I'd rather do it more out-of-band
than this, but could be
Good to hear from you!
marginally better
We never said this is perfect. checkssh.com stops LOCAL bad boys. That's all.
both myself and that site are BOTH falling victim
Ah, here is the source code...
https://checkssh.com/result/indexdotphp.txt
It's extremely short and easy to read. You can set
Nice to hear from you!
I can only wish your suggestion is widely implemented. And don't forget those
machines without domain.
Best Wishes,
On 2014-9-2 04:21, Jeroen van der Ham wrote:
Hi,
On 1 Sep 2014, at 10:43, Stephanie Daugherty sdaughe...@gmail.com wrote:
Sure it shows me the
Thanks. Yes, your suggestion is cool.
Best Wishes,
On 2014-9-1 19:41, Micha Borrmann wrote:
Nice tool, but it is also possible, to use DNSSEC to validate SSH
fingerprints, which is much more comfortable and more secure.
Am 01.09.2014 um 06:41 schrieb John Leo:
This tool displays SSH host key
source code
It's here:
https://checkssh.com/result/indexdotphp.txt
Extremely short and easy to read.
trust the service operators
Hey, trust your own eyes. :-) Feel free to audit/use our code.
a better solution is to use Monkeysphere
Professional certificate authority vs OpenPGP web of trust
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:160
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:161
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:162
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:164
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:163
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:165
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:166
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:167
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:168
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:169
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:170
http://www.mandriva.com/en/support/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:171
http://www.mandriva.com/en/support/security/
Hi @ll,
Microsoft Office 2010 registers the following command lines with unquoted
pathnames containing spaces for various supported file types:
| C:\ FType | FIND.EXE =%ProgramFiles%\Microsoft
|
| access=C:\Program Files\Microsoft Office\Office14\protocolhandler.exe %1
|
Document Title:
===
Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1280
Video: http://www.vulnerability-lab.com/get_content.php?id=1281
Vulnerability Magazine:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3017-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
26 matches
Mail list logo