Back in 2008 Github account holders were strongly advised to discontinue use of any SSH keys generated on Debian based systems (including Ubuntu) as they were deemed too weak to be considered safe - the pool of numbers used to create the keys was said to make cracking said keys 'trivial'. Users were told to patch their Debian based systems and update their keys.
The issue appears to have resurfaced seven years later, with Github staff finding that many users did not take heed of the advice given back then. It has been established that there were, at least, 94 keys on GitHub that contained the Debian-derived weakness. The staff have since revoked many of the keys, as a way of protecting themselves from blame and bad press.
Keys found on Github allow users acces to public repository accounts belonging to the likes of Spotify, Yandex, and UK government developers.
0 comments:
Post a Comment