[ale] Known SSH exploits?
Amarendra Godbole (Intl Vendor)
v-amarg at microsoft.com
Mon Oct 14 08:55:28 EDT 2002
It is like declining to use sendmail, 'cause it is probably the most
exploited s/w, and using something else instead <chuckle>.
-a
--
Amarendra A. Godbole / Microsoft ``Services For UNIX'' / These opinions
are _MINE_.
You are the sum total of the choices you make.
> -----Original Message-----
> From: John Wells [mailto:jb at sourceillustrated.com]
> Sent: Monday, October 14, 2002 6:20 PM
> To: dana at slothlovechunk.org
> Cc: ale at ale.org
> Subject: Re: [ale] Known SSH exploits?
>
>
> Um...I'll take this opportunity to point out that on its worst day,
> exploits or not, ssh it 100 times as secure as telnet.
>
> Man, someone at your company just ain't thinking right ;-)
>
> John
>
> Dana Powers said:
> > Well, for one, if you are going to try to keep your company
> nameless,
> > you should a) probably not send from a corporate account,
> b) at least
> > remove the give-away .sig .
> > I mean, how hard is it to just 'telnet' to an external
> machine and mail
> > from there ;)
> >
> > Seriously though, SSH has had its share of bug exploits,
> but like most
> > other projects, if you keep them up to date, you'll be ahead of the
> > curve. As for algorithmic exploits, yes, the original SSH protocol,
> > version 1, has been shown to be vulnerable in a few ways.
> Most people
> > feel very safe with SSH protocol 2 using the current
> OpenSSH, however.
> > There was a week or so, fairly recently, where it seemed
> like there was
> > a new ssh exploit every day - Im not sure why this was, but
> that may be
> > the stem of uncertainty your employer is clinging to.
> >
> > dpk
> >
> > ----- Original Message -----
> > From: "Jeff Layton" <jeffrey.b.layton at lmco.com>
> > To: <ale at ale.org>
> > Sent: Monday, October 14, 2002 7:26 AM
> > Subject: [ale] Known SSH exploits?
> >
> >
> >> Good morning,
> >>
> >> Corporate security where I work (who shall remain nameless
> >> for the moment :) has decreed that SSH is to be outlawed
> because there
> >> are known exploits. I'm starting to do a little
> investigation on this
> >> issue, but I know there are some security experts on the list who
> >> might be able to shed some light on this (Bob T. are you there? :)
> >> Just to add a little comedy to your morning, SSH is outlawed,
> >> but telnet is allowed and encouraged.
> >>
> >>
> >> TIA,
> >>
> >> Jeff
> >>
> >>
> >> --
> >>
> >> Jeff Layton
> >> Senior Engineer
> >> Lockheed-Martin Aeronautical Company - Marietta
> >> email: jeffrey.b.layton at lmco.com
> >>
> >> "Is it possible to overclock a cattle prod?" - Irv Mullins
> >>
> >> This email may contain confidential information. If you have
> > received this
> >> email in error, please delete it immediately, and inform me of the
> > mistake by
> >> return email. Any form of reproduction, or further dissemination of
> > this
> >> email is strictly prohibited. Also, please note that opinions
> > expressed in
> >> this email are those of the author, and are not
> necessarily those of
> > the
> >> Lockheed-Martin Corporation.
> >>
> >>
> >>
> >>
> >> ---
> >> This message has been sent through the ALE general discussion list.
> >> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> > should be
> >> sent to listmaster at ale dot org.
> >>
> >>
> >>
> >
> >
> > ---
> > This message has been sent through the ALE general
> discussion list. See
> > http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> > sent to listmaster at ale dot org.
>
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list