Evil OpenSSH servers can steal your private login keys to other systems – patch now • The Register

 

Malicious OpenSSH servers can silently steal people’s private SSH keys as they try to login, it emerged today.This means criminals who compromise one server can secretly grab keys needed to log into other systems from a user’s computer – allowing crooks to jump from server to server.

The security cockup, present in the default configuration of OpenSSH, has been patched today, and all users and administrators are urged to update as soon as possible.

SSH keys are an alternative to passwords: you generate a public and private key pair, give the remote server your public key, and keep the private key on your own computer. Then when you next login, the SSH server and client use the keys to identify and authorize you. If someone swipes your private key, they can log in as you – it’s as if they stole your password…

Source: Evil OpenSSH servers can steal your private login keys to other systems – patch now • The Register

Using a Ubuntu/Debian VPS to Establish Anonymous SSH sessions with TOR – Low End Box

screen-shot-2015-05-11-at-12-56-49

Perhaps you’ve wanted to set up a virtual private server (VPS) to anonymize HTTP traffic on the TOR network.OpenSSH would be the first solution that admins would turn to, given the fact that OpenSSH is the de facto tool used utilize to encrypt connections on a VPS.

A bigger question remains: How do you port all of your TOR connections through SSH? A few configuration changes must be made. Also, a proxy must be established in order to achieve an anonymous SSH session with TOR.

Luckily, all of this is really easy to configure.In case you haven’t installed TOR yet, you may want to go ahead and do so. The instructions for installing TOR has been published numerous times online. Here is a recap of how to get TOR installed:

Source: Using a Ubuntu/Debian VPS to Establish Anonymous SSH sessions with TOR – Low End Box

NSA broke trillions of encrypted connections due to a flawSecurity Affairs

A flaw affecting the way encryption software implements the Diffie-Hellman key exchange algorithm allowed NSA to break trillions of encrypted connections.

Edward Snowden has revealed to the world that the NSA was able to crack also the almost encryption to conduct a large-scale online surveillance. According to Snowden, the intelligence Agency was able to decrypt and intercept nearly Trillions of Internet connections. The US cyber spies were able to spy on every connection, including VPN ones, SSH and HTTPs were not able to protect netizens from prying eyes.

How was it possible?

Source: NSA broke trillions of encrypted connections due to a flawSecurity Affairs