Full Disclosure mailing list archives
Re: [Rumor] SSH 0-day
From: Kevin Wilcox <kevin.wilcox () gmail com>
Date: Thu, 9 Jul 2009 11:33:01 -0400
2009/7/9 Charles Majola <charles.lists () gmail com>:
> From the LWN article (OpenSSH maintainer Damien Miller), it's probably not real, we'll just have to wait and see
Agreed. Even if you *do* believe the secer site, look at the particulars. It's a brute force. Properly configure your ssh servers (including rate-limiting, key based authentication and user@host allow statements) and file this under a non-issue.

Of course this is all theoretical so far so I suppose everyone is free to wring their hands and gnash their teeth as much as they wish over this.

kmw

--
To take from one, because it is thought that his own industry and that of his fathers has acquired too much, in order to spare to others, who, or whose fathers have not exercised equal industry and skill, is to violate arbitrarily the first principle of association, 'the guarantee to every one of a free exercise of his industry, & the fruits acquired by it.'
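A check for the server settings named in the message above (key-based authentication, user@host allow statements, a cap on guesses per connection), added here as an example and not part of the original post. The MaxAuthTries threshold of 3 and the sample input are assumptions of this example; firewall-level rate limiting lives outside sshd's configuration and is not checked.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads "keyword value" lines (the form `sshd -T` prints, or a plain
# sshd_config without Match blocks) on stdin and checks the mitigations
# the post lists. Returns 0 only when every check passes.
MAX_TRIES=3   # assumed threshold for this example; OpenSSH's default is 6

audit_sshd() {
    awk -v max="$MAX_TRIES" '
    BEGIN { tries = 6 }                      # default when the keyword is absent
    { key = tolower($1) }
    key == "passwordauthentication" { pw = tolower($2) }
    key == "pubkeyauthentication"   { pk = tolower($2) }
    key == "maxauthtries"           { tries = $2 + 0 }
    key == "allowusers" {
        allow = 1
        for (i = 2; i <= NF; i++)            # every entry must pin a host
            if ($i !~ /^[^@]+@[^@]+$/ || $i ~ /@\*$/) loose = loose " " $i
    }
    END {
        if (pw != "no")  { print "FAIL PasswordAuthentication is not set to no"; bad = 1 }
        if (pk == "no")  { print "FAIL PubkeyAuthentication is disabled"; bad = 1 }
        if (tries > max) { print "FAIL MaxAuthTries " tries " exceeds " max; bad = 1 }
        if (!allow)      { print "FAIL no AllowUsers restriction"; bad = 1 }
        if (loose != "") { print "FAIL AllowUsers entries without a host:" loose; bad = 1 }
        if (!bad) print "OK all checks passed"
        exit bad + 0
    }'
}

# Constructed sample: password logins on, one AllowUsers entry lacks a host.
audit_sshd <<'EOF' || echo "audit: hardening needed"
passwordauthentication yes
pubkeyauthentication yes
maxauthtries 6
allowusers alice@192.0.2.10 bob
EOF
```

On a live host, feed it the effective configuration with `sshd -T | audit_sshd` (run as root).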