Threat Post

SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation

Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH. If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t ...
Network World

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found. By ...
Ars Technica

In a first, cryptographic keys protecting SSH connections stolen in new attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally ...
Ars Technica

SSH protects the world’s most sensitive networks. It just got a lot weaker

Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, ...
Linux Journal

Strengthening Diffie-Hellman in SSH and TLS

Conjecture on cracked primes for the Diffie-Hellman asymmetric algorithm is in recent news, suggesting that several nations have broken primes in common use and can read all traffic: [root@host ~]# ...
InfoWorld

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Keys hard-coded in thousands of routers, modems, IP cameras, VoIP phones and other devices can be used to launch man-in-the-middle attacks Thousands of routers, modems, IP cameras, VoIP phones and ...