Entry 21822 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 21822

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2024/11/23 [General] UID:1000 Activity:popular

11/23

2001/7/17 [Computer/SW/Security] UID:21822 Activity:high

7/16    I'm also new to the csua -but not as "social minded" as the previous
        poster.  What problems have you had using ssh1?  I hear ssh1 is
        very vulnerable to certain attacks, but I've never been able to
        get someone claiming this to point me to urls/papers about ssh1
        vulnerabilities.  Is it something inherent in the ssh1 protocol (but
        not in ssh2)?  Googling for "ssh1 vulnerabilities" doesn't seem to
        turn up much.
        \_ Not this all over again.
           \_ No. I don't want flammage about openssh vs ssh1 vs ssh2d.  I
              want facts and urls to papers.
        \_ Take a look at:
           http://www.ssh.com/products/ssh/cert/vulnerability.html
           It has a summary of the cert warnings associated with ssh v1.
           ----ranga
           \_ thank you! - OG poster

2024/11/23 [General] UID:1000 Activity:popular

11/23

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil

7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...

2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil

4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...

2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil

11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...

2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil

11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
	...

2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil

2/9     http://www.net-security.org/secworld.php?id=10570
        Summary: iPhone passwd storage is unsafe after all
	...

Cache (1414 bytes)

www.ssh.com/products/ssh/cert/vulnerability.html -> www.ssh.com/company/newsroom/article/210/Company 10 Products 11 Services 12 Solutions 13 Support 14 Partners 15 Investors 16 Sales 17 About SSH 18 Careers 19 Contact Information 20 News Room 21 Public Relations 22 Events 23 News Room 24 Subscribe to Press Release 25 Subscribe to E-mail Newsletter 26 Unsubscribe from E-mail Newsletter News Room Helsinki, Finland - November 7, 2001 SSH statement regarding the vulnerability of SSH1 protocol There are several vulnerability issues with version 1 of the Secure Shell protocol (SSH1). While version 1 of the protocol is deprecated, it is still widely used. SSH Communications Security recommends that everyone switches to using version 2 of the Secure Shell protocol (SSH2). See the deprecation message for more information about the deprecation of the SSH1 protocol. A summary of some of the vulnerabilities in the SSH1 protocol is also available, outlining some of the known vulnerabilities in the SSH1 protocol. The 27 CERT Coordination Center (CERT/CC) has issued a set of vulnerability notes outlining some of the weaknesses found in SSH1. If you are a user of an SSH1-based product, we strongly recommend that you move to using an SSH2-based product as soon as possible. Commercial use on platforms other than the ones listed here requires a commercial license. Please contact our sales or visit our online store for more information. All other names and marks are property of their respective owners.