SSH Taking Stand On Vulnerability
jeffy124 writes "SSH Communications is recognizing the vulnerability claim made by UC Berkeley researchers earlier this week. They say it is not a practical threat to the ssh protocol; people can still remain confident in keeping communications over ssh private. While this is true IMO, they are open to and will be researching techniques that would make the standard stronger, along with hopes of lessening this vulnerability."
Lest we forget, SSH Communications is a commercial vendor, most of which have a notorious reputation for discounting the severity of vulnerabilities. Sorry guys, but I'd have a lot more faith in hearing Theo from OpenBSD talk about security implications than a company that sells the "sizzle" of security (albeit with a decent product).
When's the last time you heard a major vendor acknowledge a severe hole was actually severe? They have to worry about the lawsuits, and anything they say could be used in a class action, so while this particular threat isn't outright horrifying, it's likely worse than the spin it's getting from ssh.com.
----------------- "I have a bone to pick, and a few to break." - Refused -------------------