10 Steps to Detect, Prevent, and Remediate the Terrapin Vulnerability

March 28, 2024 at 08:29AM The Tech Tip suggests that you can continue using SSH keys while protecting your system from CVE-2023-48795. It provides guidance on enhancing system security without the need to discontinue SSH key usage. Based on the meeting notes, the clear takeaway is that it is not necessary to stop using SSH … Read more

Terrapin attacks can downgrade security of OpenSSH connections

December 19, 2023 at 12:04PM The Terrapin attack manipulates SSH handshake sequence numbers to sabotage channel integrity, downgrading encryption and allowing message modification in OpenSSH 9.5. It exploits transport layer protocol weaknesses and newer cryptographic algorithms, impacting a majority of SSH implementations. The MiTM requirement makes its threat less severe, with mitigation efforts underway. The … Read more