Featured Articles

Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Hardening Guide for phpList
Detecting (Malicious) Unicode in GitHub PRs
WordPress Multisite on the Darknet (Mercator .onion alias)
Crowdfunding on Crowd Supply (Review of my experience)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Introducing BusKill: A Kill Cord for your Laptop
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
previous arrow
next arrow

Mitigating Poisoned PGP Certificates (CVE-2019-13050)

By Michael Altfield, on July 14th, 2019
Cert Flooding Featured Image

This article will describe PGP Certificate Flooding attacks as well as inform the reader

How to detect if you have a poisoned certificate in your keyring, How to identify & clean the poisoned cert, and How to update the configuration to prevent it from importing poisoned certs in the future

Last month, an attacker spammed several high-profile PGP certificates with tens of thousands (or hundreds of thousands) of signatures (CVE-2019-13050) and uploaded these signatures to the SKS keyservers.

Without looking very deep, I quickly stumbled on 4 keys that were attacked last month:

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Mitigating Poisoned PGP Certificates (CVE-2019-13050)

9 comments  

Sabayon, KDE, and Evolution

By Michael Altfield, on May 10th, 2009

I recently reformatted my hard drive–switching from pure Gentoo to the Sabayon fork. Sabayon did for Gentoo what Ubuntu did for Debian. It’s generally a lot easier to use, but–unlike Ubuntu–it doesn’t sacrifice functionality for ease-of-use.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Sabayon, KDE, and Evolution

Leave a comment