[nycbug-talk] openssh 0 day?

Isaac Levy isaac at diversaform.com
Thu Jul 9 15:38:38 EDT 2009


On Jul 9, 2009, at 12:23 PM, Pete Wright wrote:
> On 9-Jul-09, at 8:54 AM, George Rosamond wrote:
>> Bill Totman wrote:
>>>
>>>      gr> But sshd v 4.3?
>>>
>>>       _
>>>   arhhahaar 3zpl0it iz unr334l.
<snip>
>>> Esperanto?
>>>
>>> I'm just saying.
<snip>
>> Well. . . back to the main point about the apparent exploit.
>>
<snip>
>> FUD.  Nothing.
>>
>> http://isc.sans.org/diary.html?storyid=6760&rss
>> http://lwn.net/Articles/340483/
>>
<snip>
>> 0day exploit with a widely used
>> daemon.
>>
>> I wonder how much hassle was
>> caused by it.
<snip>
> looked pretty fishy from the get-
> go - i do like to keep an eye on this stuff just as an added layer of
> paranoia and curiosity.

Regardless of if they cried a bit of wolf, I personally think it was  
appropriate.

Anyone remember,
http://lists.nycbug.org/pipermail/talk/2005-September/006865.html

I'm personally going to release my SSH protocol exploits Jan 1, 2012  
and see what happens...  Muahahahaha.

But seriously, for an app like OpenSSH (and the SSH protocol), which  
is understatedly so critical to everything, why not be a bit paranoid?

http://nmap.org/images/matrix/matrix-poster-jsolomon-small.jpg

Rocket-
.ike





More information about the talk mailing list