Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166? https://16years.secvuln.info/
16 years of CVE-2008-0166 - Debian OpenSSL Bug

Many DKIM setups used cryptographic keys vulnerable to the 2008 Debian OpenSSL Bug (CVE-2008-0166) in 2024.

@hanno hang on, *Entrust* was using a Debian weak key for their DKIM signing? That's just made my day.
@hanno very good work indeed. Bravo 👏
@hanno Haha, just clicked the link, to have a good nostalgic read on my train ride about some long forgotten fuckup.
But then it got more and more sidetracked into a truly magnificent dumpster fire!
Great work and great story! Loved it =)

@hanno yes!

Seen that in the wild.

Sadly that's covered by an NDA!

@hanno I'm using one of the email providers mentioned - oh no
@hanno I have a scanner for DKIM keys... 🤔
@hanno I still find it wild that somebody tried to get a certificate with a Debian weak key in 2020 from ssl.com: https://groups.google.com/g/mozilla.dev.security.policy/c/2uuXLPwGoSA/m/bqUDTXPSAgAJ - I mean: HOW?
ssl.com: Certificate with Debian weak key