11/3 Is the latest ssh bug really worth deinstalling it? My friend and
I are having an arguement over this point. A URL on the subject:
http://news.freshmeat.net/readmore?f=ssh-vulnerability --ssh h0zer
\_ No definetly exploitable vulnerability has been found yet
Until one is, you're much better off using it than not
\_ Your machine is safer with no login mechanisms, not even
ssh. In fact, its even more secure if you unplug it from
the net, unplug it from power, lock it in a safe, and bury
\_ Your machine is safer with no login mechanisms, not eve
\_ But even then your host can still be easily compromised
through the use of brute-force methods. If you're really
concerned, the best solution is to not buy a computer at
ssh. In fact, its even more secure if you unplug it fro
the net, unplug it from power, lock it in a safe, and bur
that safe beneath your home
\_ but then I miss out on all the cash I get from
\_ But even then your host can still be easily compromise
\_ IBM has specially denied the assertion that it had ever
uncovered an exploitable bug in ssh, and is complaining
about rootshell's unethical use of a minor advisory which
does not appear to detail any real security threat. So the
through the use of brute-force methods. If you're reall
concerned, the best solution is to not buy a computer a
all. Go outside and enjoy the blue sky and sunshine -
you'll have all that extra pocket cash to take with you
\_ fresh air smells funny. i think i'll stay inside soda
\_ but then I miss out on all the cash I get fro
cracking other peoples' ssh-guarded firewalls
\_ IBM has specially denied the assertion that it had eve
uncovered an exploitable bug in ssh, and is complainin
about rootshell's unethical use of a minor advisory whic
does not appear to detail any real security threat. So th
people who supposedly found the bug say there is none |
http://csua.com/feed/