Featured Articles

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Introducing BusKill: A Kill Cord for your Laptop
Crowdfunding on Crowd Supply (Review of my experience)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Detecting (Malicious) Unicode in GitHub PRs
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
WordPress Multisite on the Darknet (Mercator .onion alias)
Hardening Guide for phpList
previous arrow
next arrow

Mitigating Poisoned PGP Certificates (CVE-2019-13050)

Cert Flooding Featured Image

This article will describe PGP Certificate Flooding attacks as well as inform the reader

How to detect if you have a poisoned certificate in your keyring, How to identify & clean the poisoned cert, and How to update the configuration to prevent it from importing poisoned certs in the future

Last month, an attacker spammed several high-profile PGP certificates with tens of thousands (or hundreds of thousands) of signatures (CVE-2019-13050) and uploaded these signatures to the SKS keyservers.

Without looking very deep, I quickly stumbled on 4 keys that were attacked last month:

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Mitigating Poisoned PGP Certificates (CVE-2019-13050)

Sabayon, KDE, and Evolution

I recently reformatted my hard drive–switching from pure Gentoo to the Sabayon fork. Sabayon did for Gentoo what Ubuntu did for Debian. It’s generally a lot easier to use, but–unlike Ubuntu–it doesn’t sacrifice functionality for ease-of-use.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Sabayon, KDE, and Evolution