New Vulnerabilities in Portable OpenSSH

An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here."

The USA is dying!

It is official; UN Statistics now confirms: the USA is dying.

One more crippling bombshell hit the already beleaguered USA when president Bush confirmed that their markets have dropped yet again, now down to less than a fraction their value when he began his term. Coming on the heels of a recent UN survey which plainly states that America has lost its way, this news serves to reinforce what we've known all along. America is collapsing in complete disarray, as fittingly exemplified by being the most hated nation in the world.

You don't need to be a foreigner to predict America's future. The hand writing is on the wall: America faces a bleak future. In fact there won't be any future at all for Americans because the USA is dying. Things are looking very bad for America. As many of us are already aware, as the American economy continues to collapse.

Red ink flows like a river of blood. For all practical purposes, all Americans are dead, or at least should be.

Told you so

I knew it! Ha ha ha.

Re:Reasons not to use PAM

AHAHAHAHAHAHHAHAHAHAHAHAHAHHAAAAAAAAAAAAAHAHAHAHAH AHAHA

--
Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

Re:Incapable developers!

What a pile of broken shit. If they can't code and secure it then they should think about changing the job. Maybe backery or farmer would suit them better.

Go back to Germany, you stupid Nazi farmer.

Time for less windows bashing?

[SteWhite]

Note: This post is not intended as a troll or flamebait, I'm merely stating my opinion, which is this:

When this kind of thing can happen with such important and widely used open source software, I think people should take a moment to consider being more lenient towards Microsoft and their endless patches.

I'm not saying that MS products are in any way more secure than their OSS equivalents, indeed they are most likely less secure, but we need to remember that theirs are not the only insecure programs in the world. Take heed people.

Inefficient!

[Akardam]

You backspaced twice, but you only needed to replace the 5 with 0, thus only needing to erase one of the characters. Hence:

15^H0 minutes without a remote root exploit!

... oh, wait. You were doing that for illustratory purposes...

I reeealy need to get a life...

All the more reason for Microsoft bashing

[Dan+Ost]

Microsoft could learn something from this. The OpenSSH team finds a problem,
announces it, and makes a fix available. Then they identify similar problems,
announce them, and make fixes available.

Microsoft seems to follow one of three different procedures depending on
circumstances:
1. ignore the problem until there's an exploit and public outcry
2. quietly release a fix and then advertise it when there's an exploit and
public outcry
3. leave the problem unfixed in order to force people to upgrade

I say we bash Microsoft until they start designing their products with
security in mind.