[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 woo. at last something from openssh.org: "A yet undisclosed vulnerability exists in OpenSSH. You are strongly encouraged to upgrade immediately to OpenSSH 3.3 with the UsePrivilegeSeparation option enabled. Privilege Separation blocks this problem. Keep an eye out for the upcoming OpenSSH 3.4 release on Monday that fixes the vulnerability itself." I'm not normally someone to moan at the speed in which vunrabilites are fixed - - but....6 DAYS??? what the hell are they up to? at least ASF responded in ~ 2 days (even though they knew about it for 3 weeks before that) I've seen a few scannings today on port 22, and i've been informed that backhats do have a exploit in the wild. It may be an idea for people who don't run a public server to move ssh to another port until 3.4 comes out, it'll at least save you from automated exploits that scan whole network ranges... although it really is security through obscurity. ok, and why the flying furby isn't theo de raadt PGP signing his messages? <http://www.linuxweeklynews.com/Articles/3322/> ARGH ~ Theo, a stressed g[r]eek. - -- Theo Zourzouvillys http://zozo.org.uk/ Your object is to save the world, while still leading a pleasant life. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9GPNg448CrwpTn6YRAnc/AJwLKDSMReVeLgtQtX+1DzX69lW1sgCg6mG1 Ztk6kdHhzvDqBl0FMFvcoFU= =zr9t -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.