[nsp-sec] ACK 25560: Re: ASN list with weak Debian/OpenSSL keys
Sebastian Abt
sa at rh-tec.de
Fri Jan 23 12:53:37 EST 2009
We'll take care.
sebastian
* Florian Weimer wrote:
> ----------- nsp-security Confidential --------
>
> The following hosts use SSL certificates on port 443/TCP which are
> affected by CVE-2008-0166 and should be considered compromised. Data
> is about one hour old, based on a fresh scan seeded with this list:
>
> <http://www.codefromthe70s.org/sslblacklist-badcerts.aspx>
>
> Note that the list is outdated (with regard to certificate
> replacements) and probably incomplete. The list is currently making
> its round, and it might hit more public venues soon (if it hasn't
> happened yet).
>
> Affected parties can contact <security at debian.org> for assistance
> (including proof that the key is indeed compromised).
>
> 71 | 15.224.168.118 | secure.instalogo.com
> 174 | 38.99.42.140 | www.adrive.com
> 174 | 38.99.42.169 | www.adrive.com
> 217 | 160.94.230.14 | www.meded.umn.edu
> 286 | 193.172.43.20 | shop.mcdos.nl
> 702 | 194.175.112.13 | webmail.agencynet.de
> 760 | 131.130.183.109 | whav.aussereurop.univie.ac.at
> 786 | 131.251.137.13 | cardiffmail.cf.ac.uk
> 786 | 193.62.203.34 | enigma.sanger.ac.uk
> 786 | 193.62.203.57 | enigma.sanger.ac.uk
> 1133 | 130.89.175.60 | ibbs.os.utwente.nl
> 1221 | 203.41.80.20 | secure.cardaccess.com.au
> 1668 | 205.188.111.229 | youroldhouse.thisoldhouse.com
> 1835 | 130.225.157.48 | www.wayf.dk
> 1835 | 192.38.94.11 | password.dtu.dk
> 1930 | 193.136.126.41 | www.fct.unl.pt
> 2110 | 193.95.151.175 | secure.hostelworld.com
> 2110 | 193.95.151.177 | secure.hostels.com
> 2110 | 193.95.151.178 | secure.bookhostels.com
> 2819 | 195.39.35.110 | www.ifortuna.sk
> 2819 | 195.39.69.116 | www.datart.sk
> 2828 | 64.2.3.20 | store.untangle.com
> 2856 | 81.138.247.171 | www.gamepackpro.com
> 2914 | 198.173.110.198 | www.photovu.com
> 3209 | 88.79.222.140 | www.fortisfinanz.de
> 3221 | 193.40.0.71 | proposals.etf.ee
> 3320 | 80.152.163.142 | www.comtecgermany.de
> 3320 | 195.145.169.215 | kvv.mobilesticket.de
> 4323 | 206.169.213.211 | www.adrive.com
> 4589 | 195.177.34.38 | www.probierpioniere.de
> 5400 | 62.134.61.172 | ssl.bayern.de
> 5400 | 195.200.71.173 | www.elternimnetz.de
> 5430 | 194.97.53.102 | www.dallmayr-versand.de
> 5432 | 195.238.0.114 | e-care.skynet.be
> 5464 | 62.112.132.205 | www.teleson.de
> 5483 | 195.228.254.231 | www.boltertekelo.hu
> 5521 | 212.1.40.27 | gewinnspiel.deutschepost.de
> 5617 | 80.48.120.47 | multizakupy.pl
> 6364 | 209.208.1.41 | www.popsci.com
> 6547 | 66.18.17.67 | www.mailfoundry.com
> 6666 | 62.111.65.138 | evolver.gea.de
> 6666 | 62.111.105.133 | www.salesking.eu
> 6724 | 81.169.131.131 | shop.mikromarken.de
> 6724 | 81.169.157.252 | www.line5.net
> 6724 | 85.214.55.223 | www.gsgsgnsm.de
> 6724 | 85.214.89.115 | www.sanumvitalis.de
> 6724 | 85.214.120.44 | www.aokplus-online.de
> 6730 | 195.141.81.27 | www.sanitas.com
> 6740 | 213.235.186.102 | www.foxinus.cz
> 6805 | 195.71.215.204 | anmeldung.cityweb.de
> 6805 | 217.188.246.72 | www.viega.de
> 7018 | 12.108.93.221 | warriornet.rc.edu
> 7136 | 140.99.57.76 | scanner.masecure.com
> 7575 | 130.194.11.65 | mail.monash.edu.au
> 7781 | 205.207.162.162 | www.gelaskins.com
> 8001 | 66.246.133.216 | www.lostgolfballs.com
> 8358 | 195.70.62.185 | www.computeremporium.hu
> 8404 | 194.56.218.149 | secure-graenichen.format-ag.ch
> 8422 | 87.79.24.244 | www.awbkoeln.de
> 8426 | 80.168.69.144 | ticket.uk.clara.net
> 8426 | 80.168.118.75 | ticket.uk.clara.net
> 8560 | 87.106.28.229 | www.ime.de
> 8890 | 193.0.96.17 | irk.uw.edu.pl
> 8893 | 80.252.111.201 | www.humpty.de
> 8893 | 212.48.104.193 | www.mcs-verkauf.com
> 8972 | 85.25.61.250 | secure.weidelt.de
> 8972 | 85.25.93.167 | www.aktivat.de
> 8972 | 85.25.127.103 | www.online-ssl.de
> 8972 | 85.25.133.34 | images.loesdau.de
> 8972 | 217.118.22.134 | gmx.youniik.com
> 9063 | 217.11.58.90 | www.raumobil.de
> 9167 | 195.184.117.150 | secure.trifork.com
> 9431 | 130.216.33.104 | wiki.cs.auckland.ac.nz
> 9431 | 130.216.33.106 | www.cs.auckland.ac.nz
> 10316 | 69.64.68.63 | secure.sqlmanager.net
> 11106 | 140.177.205.32 | store.wolfram.com
> 11388 | 66.40.7.77 | thankyou.duoservers.com
> 11401 | 209.240.234.1 | signup.duluth.cpinternet.com
> 11426 | 71.77.9.181 | secure.bonkabonka.com
> 12260 | 206.212.242.42 | secure.weonlydo.com
> 12322 | 88.191.40.148 | www.memotoo.com
> 12407 | 212.117.74.238 | www.fortknox.de
> 12859 | 213.154.235.47 | www.docdatapayments.com
> 13030 | 194.105.159.23 | plazes.com
> 13301 | 85.14.220.149 | vserver.schneider-consulting.it
> 13768 | 69.90.102.17 | pos.e-xact.com
> 14618 | 75.101.129.207 | www.messagesling.com
> 14745 | 64.74.196.213 | docs.jbosson.redhat.com
> 15318 | 132.206.28.137 | www.martlet.mcgill.ca
> 15395 | 78.136.9.161 | surveys.globalepanel.com
> 15395 | 78.136.9.163 | rec1.globalepanel.com
> 15395 | 78.136.9.165 | www3.globalepanel.com
> 15555 | 80.249.168.193 | www.cbmondemand.com
> 15598 | 62.146.108.150 | ssl.buffed.de
> 15830 | 81.201.103.164 | www.freelancermap.de
> 16097 | 86.56.35.10 | webmail.infocity.de
> 16097 | 86.56.35.94 | my.infocity.de
> 16243 | 87.249.105.147 | www.alamo.nl
> 16245 | 217.116.232.249 | gigahost.dk
> 16265 | 62.212.66.94 | wiki.tmm.cx
> 16265 | 85.17.237.129 | www.zaplive.tv
> 16265 | 91.184.54.81 | www.hc-medien.eu
> 17554 | 202.68.199.151 | www.mo-call.com
> 17746 | 60.234.40.45 | www.hostingdirect.co.nz
> 20676 | 83.236.182.199 | gutscheine.balitherme.de
> 20676 | 87.234.42.210 | ibe.flightconex.de
> 20676 | 92.198.29.51 | milibib.missing-link.de
> 20773 | 80.237.154.24 | www.tierschutzbund.de
> 20773 | 80.237.197.15 | www.drkcms.de
> 20773 | 80.237.197.22 | spenden.drk.de
> 20773 | 87.230.73.54 | www.nicknumber.de
> 20773 | 87.230.84.245 | www.games-freak.com
> 20773 | 217.115.154.100 | www.computerwissen-shop.de
> 20773 | 217.115.156.225 | www.aids-stiftung.de
> 20792 | 213.216.16.240 | www.toner-dumping.de
> 20804 | 82.177.35.4 | gamma.pwsz.bialapodlaska.pl
> 21631 | 65.162.166.210 | cartxl.net
> 22489 | 69.55.231.118 | videosift.com
> 23342 | 209.237.240.191 | incircle.wiu.edu
> 23342 | 209.237.247.66 | www.noisebridge.net
> 23372 | 63.208.77.75 | www.ascentmp.com
> 23498 | 74.213.174.127 | www.remotecontrolwarehouse.com
> 24006 | 202.160.48.115 | www.perweek.co.nz
> 24437 | 130.95.128.135 | webmail-5.ucs.uwa.edu.au
> 24679 | 81.3.1.82 | www.messermarkt.at
> 24679 | 83.246.70.136 | xml.amprice.de
> 24679 | 83.246.90.48 | survey.simon-kucher.com
> 24940 | 78.46.52.79 | www.svgopen.org
> 24940 | 78.46.78.140 | bplaced.net
> 24940 | 78.47.31.50 | konto.onvista-bank.de
> 24940 | 78.47.42.49 | www.mitfahrzug.de
> 24940 | 78.47.57.66 | www.kreisalarm.de
> 24940 | 78.47.76.55 | www.ich-zapfe.de
> 24940 | 78.47.195.109 | ccp.netcup.net
> 24940 | 78.47.222.134 | my.xlogon.net
> 24940 | 85.10.199.90 | www.sms77.de
> 24940 | 85.10.210.248 | www.workdress.de
> 24940 | 88.198.22.114 | www.ichbinleise.ch
> 24940 | 88.198.34.214 | www.multielectronics.de
> 24940 | 88.198.39.58 | secure.muenchner-singles.de
> 24940 | 88.198.44.46 | www.mr-money.de
> 24940 | 88.198.71.11 | ssl.luupo.de
> 24940 | 88.198.71.28 | ssl.luupo.de
> 24940 | 88.198.76.48 | abbocshop.concertopro.ch
> 24940 | 213.239.212.242 | www.dailyme.tv
> 24940 | 213.239.234.50 | www.metropipe.net
> 25074 | 195.246.172.31 | www.insurancecity.de
> 25220 | 85.197.78.2 | www.officepartner.net
> 25220 | 85.197.78.242 | www1.aldi-blumenservice.de
> 25220 | 85.197.78.243 | www2.aldi-blumenservice.de
> 25560 | 217.24.219.102 | www.baseline-vertrieb.de
> 25560 | 217.24.219.152 | www.buy-it24.com
> 25560 | 217.24.219.153 | www.dalewohndesign.com
> 25560 | 217.24.219.156 | www.freihausdeutschland.de
> 25560 | 217.24.219.164 | www.technic-shop-online.de
> 25560 | 217.24.219.203 | www.hotopp-24.de
> 26228 | 64.151.72.164 | wiki.hjksolutions.com
> 26277 | 64.235.56.28 | www.clearcheckbook.com
> 27258 | 69.27.136.17 | mail.atlascomm.net
> 27325 | 64.20.231.77 | www.joinrudy2008.com
> 28716 | 80.94.114.136 | www.casacenina.com
> 29097 | 217.26.48.106 | www.mail2web.ch
> 29169 | 217.70.184.11 | mail.gandi.net
> 29169 | 217.70.184.36 | api.ote.gandi.net
> 29422 | 83.145.192.163 | secure.inst.fi
> 29518 | 83.233.30.91 | rarbg.com
> 29551 | 193.24.255.201 | billing.gamigogames.de
> 29551 | 193.24.255.209 | itemshop.fiesta-online.de
> 29624 | 82.212.222.147 | www.sport-saller.de
> 29691 | 217.150.243.4 | ticketsystem.dynamic-support.ch
> 29791 | 74.63.32.57 | customer.wholesaleinternet.com
> 30496 | 72.249.39.26 | www.moneytrackin.com
> 30496 | 72.249.127.182 | coderanger.net
> 31100 | 217.119.55.200 | youni-mobile.de
> 31103 | 84.19.169.7 | www.tele-thorwarth.de
> 31103 | 217.114.223.18 | www.hotelreservierung.de
> 31197 | 82.197.152.14 | www.lambertz-shop.de
> 31239 | 89.31.135.154 | shop.libratel.at
> 31333 | 83.151.24.34 | admin.vollmar.net
> 31442 | 83.137.102.59 | www.dfg-vk.de
> 31442 | 83.137.103.37 | www.einkaufstrolley.de
> 31521 | 83.137.169.235 | www.gabal-verlag.de
> 31621 | 193.23.48.224 | ssl.aukro.cz
> 31621 | 193.23.48.227 | ssl.teszvesz.hu
> 32400 | 216.139.224.57 | www.myautoforex.com
> 32613 | 70.38.42.169 | developer.opencloud.com
> 32613 | 72.55.161.230 | www.mobivox.com
> 33070 | 72.32.61.140 | www.within3.com
> 34011 | 77.91.239.14 | www.baumschule-horstmann.de
> 34011 | 77.91.239.16 | www.pflanzotheke.de
> 34432 | 85.158.182.42 | www.mobile2day.com
> 34432 | 85.158.183.84 | www.lobigo.com
> 34762 | 77.241.85.12 | www.abk.be
> 34764 | 193.28.153.5 | ssl.vps4less.de
> 35170 | 193.239.28.248 | www.1a-apo.de
> 35219 | 85.119.217.98 | www.megamobile.be
> 35425 | 80.68.85.103 | secure.retaileyes.co.uk
> 35425 | 89.16.180.74 | inet.argonaudio.com
> 36024 | 72.249.185.106 | console.rimuhosting.com
> 36351 | 74.86.250.106 | click4play.ssl.subhub.com
> 39392 | 88.86.111.150 | obchod.viry.cz
> 40127 | 134.174.150.107 | drosophila.med.harvard.edu
> 40963 | 89.187.73.21 | shop.unitednude.com
> 41391 | 213.238.52.144 | www.parkfoxx.de
> 41470 | 79.140.45.2 | www.lld-shop.de
> 42311 | 91.190.244.103 | www.simply-connect.de
> 42366 | 194.0.201.133 | www.atb-tuning.de
> 42800 | 193.33.200.11 | www.ghelir.ro
> 43541 | 78.24.10.34 | www.edisk.cz
> 44684 | 93.93.128.21 | www.we7.com
> 47885 | 195.228.74.177 | www.bidder.hu
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
--
fon: +49 69 95411 15 e-mail: sa at rh-tec.de
fax: +49 69 95411 45 mobile: +49 69 95411 55
rh-tec Business GmbH http://www.rh-tec.de/
Ringstrasse 36 32584 Loehne
Geschaeftsfuehrer: Gerhard Roehrmann
Registergericht: AG Bad Oeynhausen, HRB 8112
More information about the nsp-security
mailing list