Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Security Hole In PuTTY

Posted by timothy on from the and-now-it's-fixed dept.

Tim 'gk^' Nilimaa writes "A serious security hole has been found in PuTY, version 0.54 and before. Simon Tatham and his fellows released PuTTY 0.55 on 2004-08-03 which solves this bug. The bug may allow servers to use PuTTY to act as a machine that you trust, even beforce you verify the hosts key while connecting using SSH2. An attack could be a fact before you know that you have connected to the wrong machine. I (and they) say: upgrade to PuTTY 0.55 - now."

5 of 72 comments (clear)

  1. Recent SSH chatter... by dpilot · · Score: 3, Funny

    I've heard lately about a lot more SSH chatter showing up than normal. There's been some speculation about an exploit turning up, soon. Perhaps this is it.

    Or maybe there's Yet More To Come.

    --
    The living have better things to do than to continue hating the dead.
  2. Re:Clarification by whoisjoe · · Score: 5, Funny

    Actually, my client machine has been acting kind of weird lately. I think it's plotting against me, trying to turn my family and friends against...hey what are you do-OW!

    THERE IS NOTHING TO FEAR. ALL IS WELL. NOTHING TO SEE HERE. PLEASE KEEP MOVING.

  3. Re:Clarification by dstone · · Score: 3, Funny

    Well, of course you trust your client machine.

    Not if my client machine runs Windows.

  4. You know ... by Sonic+McTails · · Score: 2, Funny

    I was expecting BrICk 1.0 .... (It's a joke, laugh !)

    --
    This signature was left intentionally blank.
  5. Re:Clarification by AuMatar · · Score: 2, Funny

    I wouldn't do that Dave.

    --
    I still have more fans than freaks. WTF is wrong with you people?