Try "ssh http://whoami.filippo.io " now think "What if that server automatically grabbed key and logged into work." Today's bug: baaaaaaaad.
@sean_a_cassidy It makes the impact of the roaming bug worse, since you can automate exploitation on any compromised hosts netwide.
-
-
@patio11 whoa I must not understand this attack fully yet -
@sean_a_cassidy Attacker roots your WP blog or side project on DO. Attacker replaces SSH w/ EvilSSH, which steals keypair when you connect. - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.