[ale] Known SSH exploits?

John Wells jb at sourceillustrated.com
Mon Oct 14 08:49:54 EDT 2002 

Um...I'll take this opportunity to point out that on its worst day,
exploits or not, ssh it 100 times as secure as telnet.

Man, someone at your company just ain't thinking right ;-)

John

Dana Powers said:
> Well, for one, if you are going to try to keep your company nameless,
> you should a) probably not send from a corporate account, b) at least
> remove the give-away .sig .
> I mean, how hard is it to just 'telnet' to an external machine and mail
> from there ;)
>
> Seriously though, SSH has had its share of bug exploits, but like most
> other projects, if you keep them up to date, you'll be ahead of the
> curve. As for algorithmic exploits, yes, the original SSH protocol,
> version 1, has been shown to be vulnerable in a few ways. Most people
> feel very safe with SSH protocol 2 using the current OpenSSH, however.
> There was a week or so, fairly recently, where it seemed like there was
> a new ssh exploit every day - Im not sure why this was, but that may be
> the stem of uncertainty your employer is clinging to.
>
> dpk
>
> ----- Original Message -----
> From: "Jeff Layton" <jeffrey.b.layton at lmco.com>
> To: <ale at ale.org>
> Sent: Monday, October 14, 2002 7:26 AM
> Subject: [ale] Known SSH exploits?
>
>
>> Good morning,
>>
>>    Corporate security where I work (who shall remain nameless
>> for the moment :) has decreed that SSH is to be outlawed because there
>> are known exploits. I'm starting to do a little investigation on this
>> issue, but I know there are some security experts on the list who
>> might be able to shed some light on this (Bob T. are you there? :)
>>    Just to add a little comedy to your morning, SSH is outlawed,
>> but telnet is allowed and encouraged.
>>
>>
>> TIA,
>>
>> Jeff
>>
>>
>> --
>>
>> Jeff Layton
>> Senior Engineer
>> Lockheed-Martin Aeronautical Company - Marietta
>> email: jeffrey.b.layton at lmco.com
>>
>> "Is it possible to overclock a cattle prod?" - Irv Mullins
>>
>> This email may contain confidential information. If you have
> received this
>> email in error, please delete it immediately, and inform me of the
> mistake by
>> return email. Any form of reproduction, or further dissemination of
> this
>> email is strictly prohibited. Also, please note that opinions
> expressed in
>> this email are those of the author, and are not necessarily those of
> the
>> Lockheed-Martin Corporation.
>>
>>
>>
>>
>> ---
>> This message has been sent through the ALE general discussion list.
>> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> should be
>> sent to listmaster at ale dot org.
>>
>>
>>
>
>
> ---
> This message has been sent through the ALE general discussion list. See
> http://www.ale.org/mailing-lists.shtml for more info. Problems should be
>  sent to listmaster at ale dot org.




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list