Email or username:

Password:

Forgot your password?
hanno

Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few ten thousand keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system called DKIM was introduced. Is it possible that people configured DKIM in 2007, never changed their key, and are still vulnerable to CVE-2008-0166? 16years.secvuln.info/

14 comments
Matt Palmer

@hanno hang on, *Entrust* was using a Debian weak key for their DKIM signing? That's just made my day.

muelli

@hanno very good work indeed. Bravo 👏

Ludwig Behm

@hanno Haha, just clicked the link, to have a good nostalgic read on my train ride about some long forgotten fuckup.
But then it got more and more side tracked into a truly magnificent dumpster fire!
Great work and great story! Loved it =)

Jeroen Massar

@hanno @vidister nice writeup! (and full agree on the BIMI comments ;) )

one quick Q: for "By scanning the Tranco Top 1 Million list, I collected 355,055 TXT records" how did you guess/find the selectors, unless you walked dnssec RRs or otherwise was able to dump the RRs?

hanno

@jeroen @vidister There's a sub-page with some explanations: 16years.secvuln.info/scandkim. Essentially: I took the most common selectors that I manually collected from emails, and removed some that I considered uninteresting (e.g. gmail's, as scanning the same gmail key a few thousand times isn't interesting)

hanno

@jeroen @vidister I had this at the top of the page originally, but got feedback that I'm diving into technical details ("selector") that are uninteresting for an audience that aren't email nerds, so I moved it into its own page, it's linked in the text.

buherator
@hanno as secure RSA keys don't fit into a single DNS record could it happen that out-of-order reassembly of records result in a weak DKIM key being used for verification?
kæt

I wonder why the M&S Food Hall smell is very different to other supermarkets? Most places go for a mixture of vanilla, yeast and leafy, but in M&S it's always a kind of salty, humousy attack-olive kind of smell.

It's a Rolexy LinkedIn kind of smell; an Opportunities for Networking, kind of smell; a Let Me Show You Our New Kitchen kind of smell; a Trap You In A Corner To Talk About AI and Bitcoin kind of Smell.

Such a fearful scent -- M&S so clearly scented Not For Me.

Kevin Karhan :verified:

@hanno yes!

Seen that in the wild.

Sadly that's covered by an NDA!

Leif Davisson

@hanno Possible you could check the DNS records for entries that haven't been modified since 2008.

Would you rather have an email from someone that has no DKIM or a DKIM from 2007?

StrawberryPuding

@hanno@mastodon.social i´m using one of the email providers mentioned- oh no ​:neocat_googly_shocked:​

Go Up