Feed aggregator

Re: SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 12 hours 45 min ago

Posted by Lukasz Biegaj on Sep 02

On 01.09.2014 at 17:16, Chris Nehren wrote:

It rules out the possibility that your ssh connection is being MITMed.
If the key reported by your ssh client is different than the key reported by
this website, then you shouldn't bother the server admin with it, as the
issue is in your network.

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 12 hours 56 min ago

Posted by john on Sep 02

Or just use an SSHFP record in a signed zone

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 13 hours 5 min ago

Posted by Jeroen van der Ham on Sep 02

Hi,

There is a way now, using the “magic” of DNSSEC and SSHFP records: http://tools.ietf.org/html/rfc4255

You use the DNSSEC hierarchy to create a trust chain. You can then securely publish a signed fingerprint of your SSH
host key for that specific machine.

Jeroen.

[SECURITY] [DSA 3015-1] lua5.1 security update

BugTraq Latest Security Advisories - 13 hours 16 min ago

Posted by Florian Weimer on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-3015-1 security () debian org
http://www.debian.org/security/ Florian Weimer
September 01, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lua5.1
CVE ID : CVE-2014-5461

A heap-based...

[SECURITY] [DSA 3016-1] lua5.2 security update

BugTraq Latest Security Advisories - 13 hours 25 min ago

Posted by Florian Weimer on Sep 02

-------------------------------------------------------------------------
Debian Security Advisory DSA-3016-1 security () debian org
http://www.debian.org/security/ Florian Weimer
September 01, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lua5.2
CVE ID : CVE-2014-5461

A heap-based...

Re: [FD] SSH host key fingerprint - through HTTPS

BugTraq Latest Security Advisories - 13 hours 35 min ago

Posted by maxigas on Sep 02

From: John Leo <johnleo () checkssh com>
Subject: [FD] SSH host key fingerprint - through HTTPS
Date: Mon, 01 Sep 2014 12:41:17 +0800

Excellent point and thanks for the tool! Indeed, fingerprint
verification is the absolute weak point of SSH. Here the problem
is that you have to trust the service operators when you use
checkssh or set up your own. Is the source code available
somewhere?

Also, a better solution is to use Monkeysphere which...

Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability


Bugtraq: Re: SSH host key fingerprint - through HTTPS


Vuln: Linux Kernel 'control.c' File Use After Free Memory Corruption Vulnerability


Vuln: Linux Kernel 'mm/slab.c' Local Denial of Service Vulnerability


Vuln: Linux Kernel SCTP NULL Pointer Dereference Denial of Service Vulnerability


Vuln: Linux Kernel Unspecified Local Denial of Service Vulnerability


Vuln: Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability


Vuln: Oracle Java SE CVE-2014-4268 Remote Security Vulnerability


Vuln: Oracle Java SE CVE-2014-4244 Remote Security Vulnerability


Vuln: Serf CVE-2014-3504 SSL Certificate Validation Information Disclosure Vulnerability


Vuln: Oracle Java SE CVE-2014-2403 Remote Security Vulnerability


Vuln: Oracle Java SE CVE-2014-0446 Remote Security Vulnerability


Vuln: Oracle Java SE CVE-2014-0453 Remote Security Vulnerability


Vuln: Oracle Java SE CVE-2014-0457 Remote Code Execution Vulnerability
