[PLUG-Devel] HackFest Series: SSH or "Is it Safe Yet"?
Darrin Chandler
dwchandler at stilyagin.com
Tue Nov 25 16:34:42 MST 2008
On Tue, Nov 25, 2008 at 11:18:23PM +0000, Lisa Kachold wrote:
> 10) The most recent is the PLAIN TEXT leak for SSH recently announced
> on CPNI: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
>
> and this decription:
> http://www.securityfocus.com/archive/1/498558/30/0/threaded
>
> It's probable that exploits for this are already circulating, as
> difficult as it seems to break. a creative use will certainly be
> implemented in conjunction with other tools.
Unless you have more info that seems like a premature assessment.
> Believe it or not there are a great many OLD versions of Protocol 1
> out there in production server portals for highly visable Internet
> providers and corporations (some even with passwords as simple as
> "1234test" or "p at ssword").
This is certainly true and it's entirely preventable.
--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
dwchandler at stilyagin.com | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-devel/attachments/20081125/4054b5de/attachment.pgp
More information about the PLUG-devel
mailing list