Infineon firmware security issues

Michael Scherer mscherer at redhat.com
Tue Oct 17 10:31:19 UTC 2017


On Tuesday 17 October 2017 at 18:56 +0900, Marc Dequènes (Duck) wrote:
> Quack,
> 
> So the news (thanks Misc for the alert):
> 
> https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-background
> 
> This affects Yubikeys and other hardware:
>   https://www.yubico.com/support/security-advisories/ysa-2017-01/
> 
> There's a nice tool to test if a key is vulnerable:
>   https://github.com/crocs-muni/roca
> 
> I tested keys in the oVirt Puppet repository and none are affected.
> 
> You may check your other keys and ensure keys are checked in other
> projects.

Ideally, if someone could verify the key in Gerrit, it would be
helpful. I removed mine, but I suspect I am not the only one who tried
to follow best practices :)


Debian, GitHub and Fedora did send alerts to people affected, and I am
in the process of changing my key from the 50 to 60 places where I used
it, and I assume most affected people will be aware somehow, but
automated removal from vulnerable systems would surely help.

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
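
The key check discussed in this thread, as an added example (not part of the original message and not code from crocs-muni/roca): it applies the published fingerprint property of affected moduli, that N reduced by each small prime is a power of 65537, to OpenSSH `ssh-rsa` lines. The prime list, the function names and both sample keys are assumptions constructed for the example; confirm any hit with the roca tool itself.

```python
import base64
import math

PRIMES = [11, 13, 17, 19, 37, 53, 61, 71, 73, 79, 97, 103, 107, 109, 127, 151, 157]
GEN = 65537  # affected moduli satisfy N = 65537^c (mod p) for each small prime p

def has_roca_fingerprint(n):
    """True if n mod p is a power of 65537 mod p for every test prime."""
    for p in PRIMES:
        powers, x = set(), 1
        while x not in powers:
            powers.add(x)
            x = x * GEN % p
        if n % p not in powers:
            return False
    return True

def rsa_modulus(line):
    """Modulus of an authorized_keys-style ssh-rsa line, or None."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        return None
    try:
        blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    except ValueError:
        return None
    parts = []
    while len(blob) >= 4:  # each field: 4-byte big-endian length, then data
        size = int.from_bytes(blob[:4], "big")
        parts.append(blob[4:4 + size])
        blob = blob[4 + size:]
    ok = len(parts) == 3 and parts[0] == b"ssh-rsa"
    return int.from_bytes(parts[2], "big") if ok else None

def flag_keys(text):
    """1-based numbers of the lines whose ssh-rsa modulus carries the fingerprint."""
    moduli = ((i, rsa_modulus(line)) for i, line in enumerate(text.splitlines(), 1))
    return [i for i, n in moduli if n is not None and has_roca_fingerprint(n)]

def ssh_rsa_line(n, comment):
    """Encode a constructed modulus as an ssh-rsa line (sample data only)."""
    items = [b"ssh-rsa"] + [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (65537, n)]
    blob = b"".join(len(b).to_bytes(4, "big") + b for b in items)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample: MARKED is built to carry the fingerprint; it is not a real key.
M = math.prod(PRIMES)
MARKED = (12345 * M + pow(GEN, 1001, M)) * (67891 * M + pow(GEN, 2002, M))
SAMPLE = "\n".join(["# constructed file", ssh_rsa_line(MARKED, "marked@example"),
                    ssh_rsa_line(11 * 2**2040 + 2, "clean@example")])
```

`flag_keys(SAMPLE)` returns the line numbers to review; the residue test is a necessary condition, so a key that fails it is not affected.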
