Re: OpenSSH vulnerability?
On Thu, Jul 9, 2009 at 4:03 PM, Michael ODonnell michael.odonn...@comcast.net wrote: I'm not sure how widespread it is, but I know that ANHosting (MidPhase) is blocking it entirely. And they've got no ETA for when they'll put it back so far. I guess they're waiting for details and patches about the exploit to be released... ugh. HostGator has disabled OpenSSH support for now. No ETA for restoration either. Hey! cool - if this FUD approach is so effective maybe we can use it to rid the world of some other scourges. Like what if we very coyly insinuated that there *might* be one or two flaws in Microsoft Windows that could allow millions of machines to become enslaved in botnets controlled by genuinely malicious people who rent them out to others bent on causing actual measurable harm? Ssss! we could provide details but we're not gonna, cuz it's a secret... __ It hasn't worked agains MS yet... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
Hey! cool - if this FUD approach is so effective maybe we can use it to rid the world of some other scourges. Like what if we very coyly insinuated that there *might* be one or two flaws in Microsoft Windows[...] It hasn't worked agains MS yet... Right - that was my (possibly too-subtle) point - how frustrating it is that a useful and robust tool like OpenSSH is thrown under the bus by those ISPs after one unsubstantiated whiff of FUD, yet despite the many documented Windows vulnerabilities they apparently never consider using anything else. And never once, BTW, in all the news accounts I've heard about the ongoing DOS attacks, have any of the talking heads mentioned that the zombie machines comprising the bot-nets are (mostly?) all running Microsoft Windows. Didn't their parents teach them that it's important to give credit where it's due... ;- ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On Thursday 09 July 2009 03:28:10 pm Dan Jenkins wrote: I'm not sure how widespread it is, but I know that ANHosting (MidPhase) is blocking it entirely. And they've got no ETA for when they'll put it back so far. I guess they're waiting for details and patches about the exploit to be released... ugh. HostGator has disabled OpenSSH support for now. No ETA for restoration either. Damn. I hadn't noticed HostGator did it. And I just signed up with them recently. Argh. AN/Midphase has at least informed me they expect to turn it back on sometime today. -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On Wed, Jul 8, 2009 at 9:18 PM, Michael ODonnellmichael.odonn...@comcast.net wrote: This *might* be an indication of what it's about: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt That gets mention on the OpenSSH security page[1], but they say it was fixed in 5.2, which was released back in Feb 2009[2]. [1] http://www.openssh.com/security.html [2] http://www.openssh.com/openbsd.html -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
From http://isc.sans.org today: For the last couple of days we've been all witnesses of FUD surrounding a supposed 0-day exploit for OpenSSH skyrocketing. At this moment, it definitely looks like we're dealing with a hoax – even more, it's not the first time someone said they have a 0-day exploit for SSH. OpenSSH 0day FUD http://isc.sans.org/diary.html?storyid=6760 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On Thu, Jul 9, 2009 at 1:48 PM, Dan Jenkinsd...@rastech.com wrote: OpenSSH 0day FUD http://isc.sans.org/diary.html?storyid=6760 I see. It does sound like OpenSSH has a vulnerability here: ... this was even enough for some web hosting companies to *shut down* their SSH service ... Someone perpetrated a successful DDoS attack against OpenSSH servers. Of course, the attack vector was human fears, and the technique social engineering. It's hard to patch OpenSSH against that. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On Thursday 09 July 2009 02:38:18 pm Ben Scott wrote: Someone perpetrated a successful DDoS attack against OpenSSH servers. Of course, the attack vector was human fears, and the technique social engineering. It's hard to patch OpenSSH against that. I'm not sure how widespread it is, but I know that ANHosting (MidPhase) is blocking it entirely. And they've got no ETA for when they'll put it back so far. I guess they're waiting for details and patches about the exploit to be released... ugh. -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
Neil Joseph Schelly wrote: On Thursday 09 July 2009 02:38:18 pm Ben Scott wrote: Someone perpetrated a successful DDoS attack against OpenSSH servers. Of course, the attack vector was human fears, and the technique social engineering. It's hard to patch OpenSSH against that. I'm not sure how widespread it is, but I know that ANHosting (MidPhase) is blocking it entirely. And they've got no ETA for when they'll put it back so far. I guess they're waiting for details and patches about the exploit to be released... ugh. HostGator has disabled OpenSSH support for now. No ETA for restoration either. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
I'm not sure how widespread it is, but I know that ANHosting (MidPhase) is blocking it entirely. And they've got no ETA for when they'll put it back so far. I guess they're waiting for details and patches about the exploit to be released... ugh. HostGator has disabled OpenSSH support for now. No ETA for restoration either. Hey! cool - if this FUD approach is so effective maybe we can use it to rid the world of some other scourges. Like what if we very coyly insinuated that there *might* be one or two flaws in Microsoft Windows that could allow millions of machines to become enslaved in botnets controlled by genuinely malicious people who rent them out to others bent on causing actual measurable harm? Ssss! we could provide details but we're not gonna, cuz it's a secret... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On 07/09/2009 02:38 PM, Ben Scott wrote: Someone perpetrated a successful DDoS attack against OpenSSH servers. Of course, the attack vector was human fears, and the technique social engineering. It's hard to patch OpenSSH against that. Commodity vendors who shut off service at the first sign of rumor will find they have two types of customers - those who think the paranoid stance is most prudent, and those who are currently adding their new hoster to their DNS records. That's probably a good kind of market segregation. -Bill -- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 http://www.bfccomputing.com/Cell: 603.252.2606 Twitter, etc.: bill_mcgonigle Page: 603.442.1833 Email, IM, VOIP: b...@bfccomputing.com Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
OpenSSH vulnerability?
I've been looking around for more information about OpenSSH's rumored vulnerability. I guess I'm just out of the underground loop for security exploits. The best I can find is just the obvious rumor stuff at: http://isc.sans.org/diary.html?storyid=6742 Anyone here have any more information? -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
Neil Schelly n...@jenandneil.com writes: I guess I'm just out of the underground loop for security exploits. You can find out a lot of the latest and greatest such stuff by hanging out on #crypto. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: OpenSSH vulnerability?
On Wed, 2009-07-08 at 21:18 -0400, Michael ODonnell wrote: The best I can find is just the obvious rumor stuff at: http://isc.sans.org/diary.html?storyid=6742 Anyone here have any more information? This *might* be an indication of what it's about: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt ...but that's based on some *very* unscientific rummaging around in on some of the full-disclosure archives, so take it FWIW... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ Right. It's all speculation and guessing ATM. Also on LWN: http://lwn.net/Articles/340483/ ~k ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/