lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jonathan at (Jonathan A. Zdziarski)
Subject: SSH Exploit Request

> `As do I.  Maybe I've just been reading comp.risks for too many years, but what
> I objected to was the "it's *perfectly* safe..." attitude that some were
> projecting.  The older readers on this list probably remember a movie trailer
> with the line
> "and nothing can possibly go wrong.. go wrong.. go wrong.. go wrong...."

I think it was around version 3.0.1 where the bright folks working on
the ssh project released a version where you could log in as any user by
providing any password of two characters in length...which was either
extremely stupid or extremely intentional.  Don't let anyone ever make
you feel paranoid.

Powered by blists - more mailing lists