[ale] Known SSH exploits?
Stuffed Crust
pizza at shaftnet.org
Mon Oct 14 10:13:01 EDT 2002
On Mon, Oct 14, 2002 at 09:52:32AM -0400, Jim Popovitch wrote:
> Geeze People.... Yes, SSH has it's vulnerabilities... the problem is not
> that they can't be patched/fixed, but rather keeping up with all the
> possible different versions of SSH and the servers supporting SSH. Plus,
Um, that's what your IT department is paid to keep track of. But let me
keep it simple. (1) Newer version (almost always) better. (2) 'ssh -V'
tells what version you have installed.
What, you don't have a mechanism in-place to push updates to your
machines? Tsk, tsk.
> where is there a reliable source of SSH debs,rpms,pkgs,msis,etc. It can
> easily be argued that no security is better than false security.
ftp.openbsd.org? They have the source tarballs (of course) but also
have RPMs. And you mean to tell me that www.debian.org isn't a
"reliable source" of SSH .deb packages?
> My Guess: Given the company in question, and their involvement with Fed
> contracts, the more likely case is that the company is abandoning external
> SSH access in favor of a easily maintained VPN solution.
"Easily Maintained" means what, exactly?
You still have to worry about what versions are installed on the clients
and servers, you still have to worry about security holes.
- Pizza
--
Solomon Peachy pizza at f*cktheusers.org
I'm not broke, but I'm badly bent. ICQ #1318344
Patience comes to those who wait. Melbourne, FL
Quidquid latine dictum sit, altum viditur
PGP signature
More information about the Ale
mailing list