home.social

#terrapinattack — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #terrapinattack, aggregated by home.social.

  1. A recent report from the security threat monitoring platform Shadowserver reveals that almost 11 million SSH servers on the public web, identified by unique IP addresses, are vulnerable to Terrapin attacks.

    #Cybersecurity #SSH #TerrapinAttack #Cyberthreat

    cybersec84.wordpress.com/2024/

  2. On #OpenSSH ssh (-vvv) client side successful CVE-2023-48795 mitigation will appear as:

    debug3: kex_choose_conf: will use strict KEX ordering

    On sshd (-ddd) side:

    debug3: kex_choose_conf: will use strict KEX ordering [preauth]

    #terrapinattack

  3. 🔐 Securing Your Digital Frontier: Defending Against Terrapin Attacks 🔐

    In the ever-evolving landscape of cybersecurity, vigilance is key. 🚨 Recent discoveries reveal a critical vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol, posing a significant threat known as the Terrapin attack.
    relianoid.com/blog/keep-your-b

  4. chuckling that Ars reports the AsyncSSH side of the #TerrapinAttack news w/ "it has 60,000 dl’s /a day/!”, implying this means it's popular.

    Twisted, which includes an SSH implementation (Conch; tho I'm not at all sure how much this is truly used, I've never run into it in the wild myself) sees 150K downloads/day.

    Paramiko, which is the "top of mind" SSH implementation for Python (I am slightly biased, but…) sees 1.5MM downloads/day.

    This, plus the sensationalist headline, make me a bit sad.

  5. We got our traditional end of December new attack with a logo. I think we can call the year over, right? (Please nothing else this year 😅 )

    terrapin-attack.com/

    #TerrapinAttack

  6. We've just released #PuTTY version 0.80! This is a SECURITY UPDATE, fixing the newly discovered 'Terrapin' #vulnerability, aka CVE-2023-48795, in some widely used #SSH protocol extensions.

    The release is available in the usual place, at chiark.greenend.org.uk/~sgtath

    Full information on the vulnerability is at chiark.greenend.org.uk/~sgtath

    We urge users to upgrade, and also upgrade #OpenSSH servers. A fix is needed at both ends of the connection to eliminate the vulnerability.

    #TerrapinAttack