[nsp-sec] ACK AS217 Re: ASN list with weak Debian/OpenSSL keys
Brian Eckman
eckman at umn.edu
Fri Jan 23 11:21:21 EST 2009
ACK 217
Thanks,
Brian
Florian Weimer wrote:
> ----------- nsp-security Confidential --------
>
> The following hosts use SSL certificates on port 443/TCP which are
> affected by CVE-2008-0166 and should be considered compromised. Data
> is about one hour old, based on a fresh scan seeded with this list:
>
> <http://www.codefromthe70s.org/sslblacklist-badcerts.aspx>
>
> Note that the list is outdated (with regard to certificate
> replacements) and probably incomplete. The list is currently making
> its round, and it might hit more public venues soon (if it hasn't
> happened yet).
>
> Affected parties can contact <security at debian.org> for assistance
> (including proof that the key is indeed compromised).
>
> 217 | 160.94.230.14 | www.meded.umn.edu
--
Brian Eckman, Security Analyst
University of Minnesota
Office of Information Technology
Security & Assurance