Re: [ILUG] openssh vulnerability

From: Aidan Kehoe (kehoea at domain parhasard.net)
Date: Tue 25 Jun 2002 - 13:55:30 IST

• Next message: Aj McKee: "[ILUG] Fw: [OT] STAY - Was Open SSH crap"
• Previous message: Paul Jakma: "RE: [ILUG] openssh vulnerability"
• In reply to: kevin lyda: "Re: [ILUG] openssh vulnerability"
• Next in thread: Rick Moen: "Re: [ILUG] openssh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

 Ar an 25u la de mi 6, scriobh kevin lyda :

> another interpretation is this:
>
> if the openssh team releases a patch today, the crackers will know the
> vulnerability immediately. if the openssh team releases privsep across
> the ports (which appears to also stop the attack), then the crackers
> are no wiser.
>
> the "vulnerability clock" starts ticking the moment a patch comes out
> that directly addresses the problem. privsep will protect systems,
> but not directly give away the vulnerability.

The Alan Cox "Theo might be feeding everyone a trojan" thing is dead
funny, though.

-- 
I'm not a pheasant plucker / I'm a pheasant plucker's son.
I'm just a'plucking pheasants / 'Til the pheasant plucker comes.

• Next message: Aj McKee: "[ILUG] Fw: [OT] STAY - Was Open SSH crap"
• Previous message: Paul Jakma: "RE: [ILUG] openssh vulnerability"
• In reply to: kevin lyda: "Re: [ILUG] openssh vulnerability"
• Next in thread: Rick Moen: "Re: [ILUG] openssh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:30 GMT