#terrapinattack

2024-01-04

A recent report from the security threat monitoring platform Shadowserver reveals that almost 11 million SSH servers on the public web, identified by unique IP addresses, are vulnerable to Terrapin attacks.

#Cybersecurity #SSH #TerrapinAttack #Cyberthreat

cybersec84.wordpress.com/2024/

2024-01-03
2023-12-22

On #OpenSSH ssh (-vvv) client side successful CVE-2023-48795 mitigation will appear as:

debug3: kex_choose_conf: will use strict KEX ordering

On sshd (-ddd) side:

debug3: kex_choose_conf: will use strict KEX ordering [preauth]

#terrapinattack
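The "will use strict KEX ordering" debug line above is logged once the peer's KEXINIT advertises the strict-kex pseudo-algorithm (kex-strict-s-v00@openssh.com from a server, kex-strict-c-v00@openssh.com from a client); the PuTTY release note further down this page makes the same point that both ends must support the fix. The script below is an added example, not code from any post on this page nor from OpenSSH or PuTTY. It encodes and decodes an SSH_MSG_KEXINIT per RFC 4253, reports whether the sender advertises strict kex, and lists the offered cipher/MAC combinations the attack applies to (chacha20-poly1305@openssh.com, and CBC ciphers paired with an -etm MAC). The two sample KEXINIT payloads are constructed inline; fetch_server_kexinit is an optional, network-using helper for probing a real host and is not needed for the offline samples.

```python
"""Terrapin (CVE-2023-48795) strict-kex check on SSH_MSG_KEXINIT payloads.

Added example (not from OpenSSH, PuTTY or the posts above). Packet layout
follows RFC 4253; the strict-kex marker names are the OpenSSH 9.6 ones.
Python 3 standard library only.
"""
import socket
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"

# The ten name-lists in a KEXINIT, in wire order (RFC 4253 section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_c2s", "encryption_s2c",
    "mac_c2s", "mac_s2c",
    "compression_c2s", "compression_s2c",
    "languages_c2s", "languages_s2c",
)


def _name_list(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Encode a KEXINIT payload from {field: [names]}; missing fields are empty."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in KEXINIT_FIELDS:
        out += _name_list(lists.get(field, []))
    # first_kex_packet_follows = FALSE, then the reserved uint32
    return out + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos = 1 + 16  # message id + 16-byte cookie
    result = {}
    for field in KEXINIT_FIELDS:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        result[field] = raw.split(",") if raw else []
    return result


def assess(kexinit, role):
    """role is 'server' or 'client', i.e. who sent this KEXINIT.

    Returns strict_kex (this side advertises the marker) and the offered
    cipher/MAC combinations Terrapin applies to, in either direction.
    """
    marker = STRICT_KEX_SERVER if role == "server" else STRICT_KEX_CLIENT
    affected = set()
    for enc, mac in (("encryption_c2s", "mac_c2s"), ("encryption_s2c", "mac_s2c")):
        ciphers, macs = kexinit[enc], kexinit[mac]
        if CHACHA in ciphers:
            affected.add(CHACHA)
        if any(m.endswith("-etm@openssh.com") for m in macs):
            affected.update(c for c in ciphers if c.endswith("-cbc"))
    return {"strict_kex": marker in kexinit["kex_algorithms"],
            "terrapin_ciphers": sorted(affected)}


def connection_mitigated(client_kexinit, server_kexinit):
    """Strict kex only takes effect when both peers advertise it."""
    return (STRICT_KEX_CLIENT in client_kexinit["kex_algorithms"]
            and STRICT_KEX_SERVER in server_kexinit["kex_algorithms"])


def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Optional live probe: read the server's KEXINIT (unencrypted, pre-kex)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-terrapin-check\r\n")
        f = s.makefile("rb")
        while True:  # skip any pre-banner lines until the SSH- version string
            line = f.readline()
            if not line or line.startswith(b"SSH-"):
                break
        packet_len, pad_len = struct.unpack(">IB", f.read(5))
        body = f.read(packet_len - 1)
        return parse_kexinit(body[:packet_len - 1 - pad_len])


# Constructed samples: an unpatched server offering ChaCha20 and CBC+EtM,
# a patched server that also advertises kex-strict-s, and a patched client.
_COMMON = {
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_c2s": [CHACHA, "aes256-gcm@openssh.com", "aes256-cbc"],
    "encryption_s2c": [CHACHA, "aes256-gcm@openssh.com", "aes256-cbc"],
    "mac_c2s": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_s2c": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "compression_c2s": ["none"], "compression_s2c": ["none"],
}
OLD_SERVER = build_kexinit({**_COMMON, "kex_algorithms": ["curve25519-sha256"]})
PATCHED_SERVER = build_kexinit(
    {**_COMMON, "kex_algorithms": ["curve25519-sha256", "ext-info-s", STRICT_KEX_SERVER]})
PATCHED_CLIENT = build_kexinit(
    {**_COMMON, "kex_algorithms": ["curve25519-sha256", "ext-info-c", STRICT_KEX_CLIENT]})

if __name__ == "__main__":
    for name, blob in (("old", OLD_SERVER), ("patched", PATCHED_SERVER)):
        print(name, assess(parse_kexinit(blob), "server"))
    print("mitigated:", connection_mitigated(parse_kexinit(PATCHED_CLIENT),
                                             parse_kexinit(PATCHED_SERVER)))
```

Against a live host, `assess(fetch_server_kexinit("host"), "server")` tells you whether the server side is patched; the connection as a whole is only protected when `connection_mitigated` is true for the pair, which is exactly what the ssh -vvv / sshd -ddd debug lines above confirm from the OpenSSH side.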

Sam Stepanyan (securestep9@infosec.exchange)
2023-12-19
2023-12-19

chuckling that Ars reports the AsyncSSH side of the #TerrapinAttack news w/ "it has 60,000 dl's /a day/!", implying this means it's popular.

Twisted, which includes an SSH implementation (Conch; tho I'm not at all sure how much this is truly used, I've never run into it in the wild myself) sees 150K downloads/day.

Paramiko, which is the "top of mind" SSH implementation for Python (I am slightly biased, but…) sees 1.5MM downloads/day.

This, plus the sensationalist headline, make me a bit sad.

2023-12-19

Glad to see that #libssh2 is on top of things adding #terrapinattack mitigation github.com/libssh2/libssh2/pul

2023-12-18

#OpenSSH 9.6 has been released and it fixes "Terrapin attack" -- openssh.com/txt/release-9.6 #terrapinattack #vulnerability

2023-12-18

We got our traditional end of December new attack with a logo. I think we can call the year over, right? (Please nothing else this year 😅 )

terrapin-attack.com/

#TerrapinAttack

2023-12-18

We've just released #PuTTY version 0.80! This is a SECURITY UPDATE, fixing the newly discovered 'Terrapin' #vulnerability, aka CVE-2023-48795, in some widely used #SSH protocol extensions.

The release is available in the usual place, at chiark.greenend.org.uk/~sgtath

Full information on the vulnerability is at chiark.greenend.org.uk/~sgtath

We urge users to upgrade, and also upgrade #OpenSSH servers. A fix is needed at both ends of the connection to eliminate the vulnerability.

#TerrapinAttack
