Hello and welcome to the Monday, March 27th, 2003 edition of the Sandsenet Storms Center's Stormcast. My name is Johannes Ulrich and that I'm recording from Jacksonville, Florida.

Well, we do have an update from Microsoft regarding the issues with ineffectively cropping images in the Windows 11

Snipping tool.

There is an update available now in the Microsoft store.

There's also an update for the Windows 10 Snippin Sketch tool, which apparently is affected as well.

Seen some reports on Twitter that there are other sort of random image tools that appear

to have been updated.

Not clear if that's just accidental or if that's also related to this problem of cropping

images.

May as well update them. So visit the Microsoft store and see if you have any updates available.

And early on Friday, GitHub did rotate its S.H keys.

Apparently, the original S.S.H.

Key was compromised, or at least was available. Apparently, the original SSH key was compromised, or at least was available publicly,

so that's why they took the step. It only affected the RSA key. The elliptic curve keys

are still good and have not been changed. But if you're using the RSA-SH key, then you may get a

warning that the key changed. So updated, updated properly. I'll link to the GitHub blog regarding

this. Don't just accept sort of random keys that apparently have been updated.

That's, of course, of another weakness of that entire ZH process that developers often don't

verify these ZH keys properly. Not a lot of more details from GitHub, so we don't really know

how long these keys have been publicly accessible

and what their confidence level is that they haven't been compromised.

An attacker could essentially use these keys in order to play then machine.

...