New ssh Exploit in the Wild
veg writes "In the last few hours there have been several reports of a new ssh bug, with an exploit seemingly in the wild. Oh god not again... The lengths some people will go to to try and damage Theo's pride." Update: 09/17 00:24 GMT by T: friscolr writes "Hot on the heels of rev 1 of the buffer.adv advisory, here is revision 2, which fixes more than revision 1 did. Also see the 3.7.1 release notes."
Best patch and upgr..&*[NO CARRIER]
Posting this to slashdot is actually a public service, as the exploit description will be /.'d and unable to effectively be disseminated to the bad actors.
Thank god I'm using something secure like Telnet instead.
Damn trinity and her sshnuke...
A librarian peeked around the corner to see where the noise was coming from, then put her finger to her lips and said, "Ssh!"
The kids ignored her and kept talking, completely and utterly exploiting the hole, and circumventing the 'Ssh'!
Never was I so frightened.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
I just read all these replies (about 15 right now) and all of them are nice and respectful of the fact that this guy is a newbie!
I must be on the wrong site.
NarratorDan
"If you're not confused by quantum mechanics, you really don't understand it." - Niels Bohr
Ssh, don't tell anyone.
Omnis amans amens
You are already running windows. You have more serious problems.
...why I always go back and add security holes to all of my programs. If some future (or current) anti-regime hacker needs to be able to break into a local power plant, I want to make sure my code can help!
[I considered signing this post "love, Theo" but then thought better of it.]
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
A demonstration would be nice.
:-)
It'd serve you right if he gave you one.
The only really secure server is buried in concrete, unplugged and at the bottom of the deepest trench in the ocean. It's *probably* secure there, but I wouldn't bet my life on it.
That's okay, I will.
I bet this guy's life that a server on the bottom of the ocean is secure.
Yeah those "NO CARRIER" jokes just aren't fun@~%4!.z^%r#$% NO CARRIER
Life is too short to proofread.
Something you seem to have missed is that Linux is open source, making it much easier to find exploitable holes. Imagine how many exploits would be uncovered in Windows if we could read the source code.
In fact, you don't need to imagine it. Microsoft are on the record as stating that it's one of the reasons why they can't possibly reveal Windows source mode widely.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
1. Make lsh incompatible w SCO UNIX
2. ???
3. WTF?
4. Profit!!!
how long until
I think you mean:
Gentoo
don't you automatically trust flyingbuttmonkeys.com?
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
120 character sigs suck. Make it 250.