by pera 958 days ago
> We also carry out a retrospective analysis of historical SSH scan data collected over the course of seven years, and find that these invalid signatures and vulnerable devices are surprisingly common over time.

> Our combined dataset of around 5.2 billion SSH records contained more than 590,000 invalid RSA signatures.

Am I reading this right? This is about 1 in 10,000; this is way more common than what I would have imagined.


It is a lot, but it's explainable.

Such bugs tend to show up in crappy IoT hardware. IoT hardware often comes in large numbers.

If you scan the IPv4 space for SSH hosts, most of the ones you'll find are IoT hardware.

In particular, all the hosts they recovered keys for seem to be some sort of embedded thing, and over 99.9% were from one vendor.