{"id":25003,"date":"2015-11-30T09:55:58","date_gmt":"2015-11-30T07:55:58","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=25003"},"modified":"2015-11-30T09:55:58","modified_gmt":"2015-11-30T07:55:58","slug":"house-of-keys","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2015\/11\/30\/house-of-keys\/","title":{"rendered":"House of Keys"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p>Here&#8217;s yet another piece of research confirming how much of a myth online security really is &#8211; &#8220;<a href=\"http:\/\/blog.sec-consult.com\/2015\/11\/house-of-keys-industry-wide-https.html\">House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide<\/a>&#8221;:<\/p>\n<blockquote><p>We have correlated our data with data from Internet-wide scans (<a href=\"http:\/\/scans.io\/\" target=\"_blank\">Scans.io<\/a> and <a href=\"http:\/\/censys.io\/\" target=\"_blank\">Censys.io<\/a>) and found that our data set (580 unique keys) contains:<\/p>\n<ul>\n<li>the private keys for more than <b>9% of all HTTPS hosts on the web (~150 server certificates, used by 3.2 million hosts)<\/b><\/li>\n<li>the private keys for more than <b>6% of all SSH hosts on the web (~80 SSH host keys used by 0.9 million hosts)<\/b><\/li>\n<\/ul>\n<p>So in total at least 230 out of 580 keys are actively used. Other research has pointed out the extent of this problem (Heninger, Nadia, et al. &#8220;<a href=\"https:\/\/factorable.net\/paper.html\" target=\"_blank\">Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices<\/a>&#8221;, Durumeric, Zakir, et al. &#8220;<a href=\"https:\/\/jhalderm.com\/pub\/papers\/https-imc13.pdf\" target=\"_blank\">Analysis of the HTTPS certificate ecosystem<\/a>&#8221;). However, using our approach, an attribution at a vendor\/product level is now possible. 
Plus the private keys have now been obtained.<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s yet another piece of research confirming how much of a myth online security really is &#8211; &#8220;House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide&#8221;: We have correlated our data with data from Internet-wide scans (Scans.io and Censys.io) and found that our data set (580 unique keys) contains: the private &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2015\/11\/30\/house-of-keys\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">House of Keys<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"House of Keys #security #WebWork","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,62,1334],"tags":[200],"keyring_services":[],"class_list":["post-25003","post","type-post","status-publish","format-standard","hentry","category-general","category-technology","category-web-work","tag-security"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":28211,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/11\/13\/ssh-via-bastion-host\/","url_meta":{"origin":25003,"position":0},"title":"SSH via bastion host","author":"Leonid 
Mamchenkov","date":"November 13, 2017","format":false,"excerpt":"A while back I wrote this blog post on the subject of using SSH via bastion hosts.\u00a0 If you are into this sort of thing, have a look at this blog post by my brother.\u00a0 He is providing a few more explanations and clarifications, as well as covers a tricky\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25997,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/04\/share-your-public-keys-easily-with-github\/","url_meta":{"origin":25003,"position":1},"title":"Share your public keys easily with GitHub","author":"Leonid Mamchenkov","date":"April 4, 2016","format":false,"excerpt":"Here's a handy thing that I didn't know about - you can easily share your public keys by adding them to your GitHub account and then accessing the URL of the form https:\/\/github.com\/YOUR_USERNAME.keys . 
\u00a0What you get is a plain text response with all your public keys, ready to be\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12267,"url":"https:\/\/mamchenkov.net\/wordpress\/2010\/03\/19\/copy-ssh-key-to-remote-machine\/","url_meta":{"origin":25003,"position":2},"title":"Copy SSH key to remote machine","author":"Leonid Mamchenkov","date":"March 19, 2010","format":false,"excerpt":"Those of us who use secure shell (SSH) for logging in to remote machines, already know about key authentication, which is so much easier and sometimes more secure than password authentication.\u00a0 We also know that in order to make it work you need to: generate a pair of keys with\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9592,"url":"https:\/\/mamchenkov.net\/wordpress\/2005\/10\/20\/synchronizing-directories-with-perl-and-ssh\/","url_meta":{"origin":25003,"position":3},"title":"Synchronizing directories with Perl and SSH","author":"Leonid Mamchenkov","date":"October 20, 2005","format":false,"excerpt":"For a while now I have been using ICQ both at home and at work. Instead of having two different copies of data or running ICQ remotely, I was simply copying all data files over between these two locations. rsync with scp were doing the job just fine. 
The problem\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29153,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/28\/ssh-examples-tips-tunnels\/","url_meta":{"origin":25003,"position":4},"title":"SSH Examples, Tips &#038; Tunnels","author":"Leonid Mamchenkov","date":"December 28, 2018","format":false,"excerpt":"\"SSH Examples, Tips & Tunnels\" is a nice collection of tips and examples for Secure Shell (ssh) users. It covers a variety of scenarios from simple remote connections, to file copying, to tunnels and jump hosts.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28347,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/01\/22\/sql-keys-in-depth\/","url_meta":{"origin":25003,"position":5},"title":"SQL Keys in Depth","author":"Leonid Mamchenkov","date":"January 22, 2018","format":false,"excerpt":"SQL Keys in Depth is an excellent read if you want to brush up on your knowledge of database keys and how they affect the performance of your application.\u00a0 For the laziest among you, here are the summary points, based on an extensive research of 60+ articles, StackOverflow questions and\u2026","rel":"","context":"In 
&quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/25003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=25003"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/25003\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=25003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=25003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=25003"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=25003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}