From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: SSH Exploit Request

> As do I. Maybe I've just been reading comp.risks for too many years, but what
> I objected to was the "it's *perfectly* safe..." attitude that some were
> projecting. The older readers on this list probably remember a movie trailer
> with the line
>
> "and nothing can possibly go wrong.. go wrong.. go wrong.. go wrong...."

I think it was around version 3.0.1 where the bright folks working on the ssh project released a version where you could log in as any user by providing any password of two characters in length...which was either extremely stupid or extremely intentional. Don't let anyone ever make you feel paranoid.