#terrapinattack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #terrapinattack, aggregated by home.social.
-
A recent report from the security threat monitoring platform Shadowserver reveals that almost 11 million SSH servers on the public web, identified by unique IP addresses, are vulnerable to Terrapin attacks.
-
On #OpenSSH ssh (-vvv) client side successful CVE-2023-48795 mitigation will appear as:
debug3: kex_choose_conf: will use strict KEX ordering
On sshd (-ddd) side:
debug3: kex_choose_conf: will use strict KEX ordering [preauth]
-
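The check described in the post above, as an added example that is not part of any of the aggregated posts or of OpenSSH itself: it scans `ssh -vvv` or `sshd -ddd` debug output for the strict KEX line and, when that line is absent, looks at the negotiated cipher and MAC. Assumptions: the `kex: ... cipher: ... MAC: ...` line format is OpenSSH's debug1 output, the affected-mode list (ChaCha20-Poly1305, CBC with an EtM MAC) comes from the Terrapin advisory rather than from this page, and the sample logs are constructed.

```python
import re
import sys

# Line quoted in the post; sshd appends " [preauth]", so match by substring.
STRICT_RE = re.compile(r"kex_choose_conf: will use strict KEX ordering")
# OpenSSH debug1 line naming the negotiated cipher and MAC for each direction.
NEG_RE = re.compile(r"kex: (server->client|client->server) cipher: (\S+) MAC: (\S+)")

def affected(cipher, mac):
    """Modes named in the Terrapin advisory: ChaCha20-Poly1305, or CBC with an EtM MAC."""
    if cipher == "chacha20-poly1305@openssh.com":
        return True
    return cipher.endswith("-cbc") and mac.endswith("-etm@openssh.com")

def assess(debug_output):
    """Classify one connection's debug log: mitigated, exposed, unaffected or unknown."""
    strict, modes = False, {}
    for line in debug_output.splitlines():
        if STRICT_RE.search(line):
            strict = True
        m = NEG_RE.search(line)
        if m:
            modes[m.group(1)] = (m.group(2), m.group(3))
    # Directions whose negotiated cipher/MAC pair is one of the affected modes.
    exposed = sorted(d for d, (c, mac) in modes.items() if affected(c, mac))
    if strict:
        verdict = "mitigated"
    elif not modes:
        verdict = "unknown"  # no negotiation lines: log truncated or verbosity too low
    elif exposed:
        verdict = "exposed"
    else:
        verdict = "unaffected-mode"
    return {"verdict": verdict, "strict_kex": strict, "exposed": exposed}

# Constructed sample logs (not captured from a real host).
PATCHED = """\
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""
UNPATCHED = """\
debug1: kex: server->client cipher: aes256-cbc MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
"""

if __name__ == "__main__":
    # Usage: ssh -vvv host exit 2>&1 | python3 this_script.py
    print(assess(sys.stdin.read()))
```

The strict KEX line is only logged when both peers support the countermeasure, so a missing line means at least one end still needs the fix.
-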
🔐 Securing Your Digital Frontier: Defending Against Terrapin Attacks 🔐
In the ever-evolving landscape of cybersecurity, vigilance is key. 🚨 Recent discoveries reveal a critical vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol, posing a significant threat known as the Terrapin attack.
https://www.relianoid.com/blog/keep-your-business-safe-from-terrapin-attacks-a-cybersecurity-imperative/
#Cybersecurity #TerrapinAttack #SSHProtocol #RELIANOID #DigitalSecurity #InfoSec #CyberDefense #NetworkSecurity #TechSecurity #DataProtection #SecureConnections
-
chuckling that Ars reports the AsyncSSH side of the #TerrapinAttack news w/ "it has 60,000 dl’s /a day/!", implying this means it's popular.
Twisted, which includes an SSH implementation (Conch; tho I'm not at all sure how much this is truly used, I've never run into it in the wild myself) sees 150K downloads/day.
Paramiko, which is the "top of mind" SSH implementation for Python (I am slightly biased, but…) sees 1.5MM downloads/day.
This, plus the sensationalist headline, make me a bit sad.
-
Glad to see that #libssh2 is on top of things adding #terrapinattack mitigation https://github.com/libssh2/libssh2/pull/1291
-
#OpenSSH 9.6 has been released and it fixes "Terrapin attack" -- https://www.openssh.com/txt/release-9.6 #terrapinattack #vulnerability
-
We got our traditional end of December new attack with a logo. I think we can call the year over, right? (Please nothing else this year 😅 )
-
We've just released #PuTTY version 0.80! This is a SECURITY UPDATE, fixing the newly discovered 'Terrapin' #vulnerability, aka CVE-2023-48795, in some widely used #SSH protocol extensions.
The release is available in the usual place, at https://www.chiark.greenend.org.uk/~sgtatham/putty/
Full information on the vulnerability is at https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html
We urge users to upgrade, and also upgrade #OpenSSH servers. A fix is needed at both ends of the connection to eliminate the vulnerability.