Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
FW: [ISN] OpenSSH flaw is a hoax warn researchers
- From: Howell, Paul
- Date: Fri Jul 10 09:45:13 2009
-----Original Message-----
From: isn-bounces@infosecnews.org [mailto:isn-bounces@infosecnews.org]
On Behalf Of InfoSec News
Sent: Friday, July 10, 2009 4:50 AM
To: isn@infosecnews.org
Subject: [ISN] OpenSSH flaw is a hoax warn researchers
http://www.techworld.com/security/news/index.cfm?newsID=118941
By Jeremy Kirk
IDG news service
10 July 2009
Security researchers have warned that a reported flaw in OpenSSH (Secure
Shell) is a probable hoax.
Earlier this week, SANS received an anonymous email claiming of a
zero-day vulnerability in OpenSSH, which means a flaw in the software is
already being exploited as it becomes public. OpenSSH (Secure Shell), is
used by administrators to make encrypted connections with other
computers and do tasks such as remotely updating files. OpenSSH is the
open-source version, and there are commercial versions of the program.
A true zero-day vulnerability in OpenSSH could be devastating for the
Internet, allowing hackers to have carte blanche access to servers and
PCs until a workaround or a patch is readied.
"That's why I think people are actually creating quite a bit of a
panic," said Bojan Zdrnja, a SANS analyst and senior information
security consultant at Infigo, a security and penetration testing
company in Zagreb, Croatia. "People should not panic right now. Nothing
at this time points that there is an exploit being used in the wild."
[...]
------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------
|
