Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Rumor] SSH 0-day

From: Kevin Wilcox <kevin.wilcox () gmail com>
Date: Thu, 9 Jul 2009 11:33:01 -0400
2009/7/9 Charles Majola <charles.lists () gmail com>:


From the LWN article (OpenSSH maintainer Damien Miller), its probably

not real, well just have to wait and see


Agreed.

Even if you *do* believe the secer site, look at the particulars. It's
a brute force. Properly configure your ssh servers (including
rate-limiting, key based authentication and user@host allow
statements) and file this under a non-issue.

Of course this is all theoretical so far so I suppose everyone is free
to wring their hands and gnash their teeth as much as they wish over
this.

kmw

-- 
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, ‘the
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: