Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Rumor] SSH 0-day
From: Kevin Wilcox <kevin.wilcox () gmail com>
Date: Thu, 9 Jul 2009 11:33:01 -0400

2009/7/9 Charles Majola <charles.lists () gmail com>:

From the LWN article (OpenSSH maintainer Damien Miller), its probably
not real, well just have to wait and see

Agreed.

Even if you *do* believe the secer site, look at the particulars. It's
a brute force. Properly configure your ssh servers (including
rate-limiting, key based authentication and user () host allow
statements) and file this under a non-issue.

Of course this is all theoretical so far so I suppose everyone is free
to wring their hands and gnash their teeth as much as they wish over
this.

kmw

-- 
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, ‘the
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault