badkeys is an open source tool to check cryptographic keys for known vulnerabilities. Its developer @hanno gave a talk at German OWASP Day where he discussed how old bugs never die. He tested for the Debian OpenSSL bug discovered in 2008 & found hundreds of DKIM setups still vulnerable. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and GitHub. But he sees even older vulns including one which is over 300 years old.
Watch the talk here: https://media.ccc.de/v/god2024-56276-the-debian-openssl-bug-and
#NGI #NGI0
NGI Zero open source funding (ngizero@mastodon.xyz)'s status on Tuesday, 10-Dec-2024 02:56:31 JST