Open Source and information security mailing list archives
Date: Thu, 9 Jul 2009 11:33:01 -0400
From: Kevin Wilcox <kevin.wilcox@...il.com>
To: Charles Majola <charles.lists@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Rumor] SSH 0-day

2009/7/9 Charles Majola <charles.lists@...il.com>:

> From the LWN article (OpenSSH maintainer Damien Miller), it's probably
> not real, we'll just have to wait and see

Agreed.

Even if you *do* believe the secer site, look at the particulars. It's
a brute force. Properly configure your ssh servers (including
rate-limiting, key based authentication and user@...t allow
statements) and file this under a non-issue.

Of course this is all theoretical so far so I suppose everyone is free
to wring their hands and gnash their teeth as much as they wish over
this.

kmw

-- 
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, ‘the
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'
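
Added example, not part of the original message: a small audit of an `sshd_config` for the three measures the reply names (key-based authentication, rate limiting, `user@host` allow statements). It assumes `MaxAuthTries` and `MaxStartups` stand in for sshd-side rate limiting and that 3 is the local policy threshold; the sample configs, user names and addresses are constructed.

```python
# Constructed sample configs for illustration (not from the original message).
WEAK = "Port 22\n# shipped defaults\nPasswordAuthentication yes\n"
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
MaxStartups 10:30:60
AllowUsers alice@192.0.2.* backup@10.0.0.5
"""

def parse(text):
    """Global section only: first value wins per keyword, AllowUsers accumulates."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        args = parts[1].split() if len(parts) > 1 else []
        if key == "match":          # conditional blocks are out of scope here
            break
        if key == "allowusers":
            conf.setdefault(key, []).extend(args)
        else:
            conf.setdefault(key, args)
    return conf

def audit(text, max_tries=3):       # max_tries is an assumed local policy value
    conf = parse(text)
    def first(default, *keys):      # sshd defaults apply when a keyword is absent
        for k in keys:
            if conf.get(k):
                return conf[k][0].lower()
        return default
    findings = []
    if first("yes", "passwordauthentication") != "no":
        findings.append("password authentication enabled")
    if first("yes", "kbdinteractiveauthentication", "challengeresponseauthentication") != "no":
        findings.append("keyboard-interactive authentication enabled")
    if first("yes", "pubkeyauthentication") != "yes":
        findings.append("public key authentication disabled")
    if int(first("6", "maxauthtries")) > max_tries:
        findings.append("MaxAuthTries above policy")
    if "maxstartups" not in conf:
        findings.append("MaxStartups not set explicitly")
    users = conf.get("allowusers", [])
    if not users:
        findings.append("no AllowUsers list")
    elif any("@" not in u for u in users):
        findings.append("AllowUsers entry without a host part")
    return findings
```

`Match` blocks and firewall-level rate limits are not inspected, so a clean result covers only the global section of the file.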
