[nsp-sec] ACK71: ASN list with weak Debian/OpenSSL keys
Helmut Springer
delta at hp.com
Fri Jan 23 11:34:15 EST 2009
Hi,
On Fri, Jan 23, 2009 at 03:18:40PM +0000, Florian Weimer wrote:
> The following hosts use SSL certificates on port 443/TCP which are
> affected by CVE-2008-0166 and should be considered compromised. Data
> is about one hour old, based on a fresh scan seeded with this list:
>
> <http://www.codefromthe70s.org/sslblacklist-badcerts.aspx>
>
> Note that the list is outdated (with regard to certificate
> replacements) and probably incomplete. The list is currently making
> its round, and it might hit more public venues soon (if it hasn't
> happened yet).
>
> Affected parties can contact <security at debian.org> for assistance
> (including proof that the key is indeed compromised).
>
> 71 | 15.224.168.118 | secure.instalogo.com
Investigating, thanks!
Best Regards,
helmut
--
helmut springer HP Services
email: delta at hp.com
phone: +49.7031.14.4240 Escalation Manager
More information about the nsp-security
mailing list