[nycbug-talk] openssh 0 day?

Pete Wright pete at nomadlogic.org
Thu Jul 9 12:23:32 EDT 2009


On 9-Jul-09, at 8:54 AM, George Rosamond wrote:

> Bill Totman wrote:
>>
>>       gr> But sshd v 4.3?
>>
>>        _
>>    arhhahaar 3zpl0it iz unr334l.  my namez carton und ir u|\|aphr4i|>
>>    on p0r|
>>    22 bc n0 1 can hakxz0r my big-endian LP64 zystemsz!!!1!11!!  ze  
>> ph33r
>>    iz 1n ze m4i1.  wif 4 ph33rzt4|\/|Pz 0n 1t.
>>
>>
>> Would it have been faster to first learn and then write that in  
>> Esperanto?
>>
>> I'm just saying.
>>
>
> Well. . . back to the main point about the apparent exploit.
>
> FUD.  Nothing.
>
> http://isc.sans.org/diary.html?storyid=6760&rss
>
> Damien Miller's reply breaks down the 'exploit'
>
> http://lwn.net/Articles/340483/
>
> I would expect the security site to do a bit more research in posting
> such stuff. . . especially when it's a 0day exploit with a widely used
> daemon.
>
> That blog has a lot of credibility, and I wonder how much hassle was
> caused by it.


thanks for the url's gman.  regardless of how cool alex is (thanks for  
reminding me - i forgot!) and how it looked pretty fishy from the get- 
go - i do like to keep an eye on this stuff just as an added layer of  
paranoia and curiosity.

-pete



More information about the talk mailing list