GitHub SSH Public Key Fingerprint Checking

A security vulnerability was discovered at GitHub this week that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. Although there was no known malicious activity using this exploit, GitHub is taking the responsible step of emailing every user who has SSH keys associated with their account, asking them to verify and approve those keys before they can be used to clone/pull/push repositories over SSH.

The GitHub audit page looks like this:

[Screenshot: GitHub SSH key audit page]

Here’s a quick reminder of how to get the fingerprint of your SSH public key using the ssh-keygen command. Use the name of your local public key file that you want to check.

ssh-keygen -lf

The resulting fingerprint will look like:

2048 b5:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:2f  protodave@github (RSA)

If this fingerprint of the local trusted copy of your SSH public key matches the one GitHub shows you, then you are safe to click “Approve”.
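
As an added example (not code from the original post), the Python below computes the fingerprint directly from a public key line so it can be compared exactly with the value on the audit page. The colon-separated form shown above is the MD5 fingerprint; current OpenSSH prints the SHA256 form by default, and ssh-keygen -E md5 -lf gives the older one. The sample key and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def parse_public_key(line):
    """Return (key_type, blob) from one '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited, truncated or is not a public key at all.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def md5_fingerprint(line):
    """Colon-separated hex form, as in the ssh-keygen output shown above."""
    digest = hashlib.md5(parse_public_key(line)[1]).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(line):
    """'SHA256:' form: unpadded base64 of the SHA-256 digest of the blob."""
    digest = hashlib.sha256(parse_public_key(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches(line, shown):
    """Compare a fingerprint copied from the audit page with the local key."""
    shown = shown.strip()
    if shown.startswith("SHA256:"):  # base64 is case-sensitive, keep as typed
        return hmac.compare_digest(sha256_fingerprint(line).encode(), shown.encode())
    shown = shown.lower()
    if shown.startswith("md5:"):
        shown = shown[4:]
    return hmac.compare_digest(md5_fingerprint(line).encode(), shown.encode())


def _field(data):
    return len(data).to_bytes(4, "big") + data

# Constructed sample (not a real key): ssh-rsa blob, e=65537, dummy modulus.
SAMPLE_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 256)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"
```

Pass the contents of your own .pub file as the line argument; a False result from matches() means the key GitHub lists is not the one you hold locally.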

Javascript Word Wrapping

I recently needed to do some manual word wrapping (and possibly hyphenation) of strings in JavaScript and found some interesting code projects:

Counting your top WordPress comment spam source IPs and URLs

Photo of a pizza with Spam slices in the shape of the word "SPAM"
Photo Credit: Flickr/Jerry Pank

I launched a new WordPress blog for a client a few months ago and have been watching as comment spammers find the site and do what they do best: leave spam. As the first few spam comments started coming in, I would flag them and then manually copy/paste the source IPs and URLs into the built-in WordPress “Comment Blacklist”.

Over time I obviously started seeing some duplicates and I noticed bursts of spam from certain IPs or linking to specific spam URLs. I was curious to see what these top IPs and URLs were, as they would seem the best candidates to include in the blacklist.

So, let’s dig around in the database a bit…


Manually triggering Google Apps account transition

[Screenshot: Google Apps transition screen]

If you want to be an early adopter, and haven’t already automatically been given the option to transition your Google Apps account to the new infrastructure, here’s a handy tip to manually trigger the upgrade process.

Point your browser to the following URL, using your own Google Apps domain name, like so:[]/GoogleAccountUpgrade