Entry 21836 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 21836

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/24 [General] UID:1000 Activity:popular

5/24

2001/7/18 [Computer/SW/Security] UID:21836 Activity:high

7/17    ranga, http://www.ssh.com/products/ssh/cert/vulnerability.html
        is 404 today, but was there yesterday.  What gives? - new guy #2
        \_ Take a look at:
http://www.google.com/search?q=cache:xWSTNSCGxl8:www.ssh.com/products/ssh/cert/vulnerability.html+ssh1+vulnerabilities+cert&hl=en (go google.  fight the power).
        \_ Actually all you really need is:
http://www.google.com/search?q=cache:xWSTNSCGxl8:www.ssh.com/products/ssh/cert/vulnerability.html
           Isn't web caching wonderful? I've also preserved a copy of just
           the text at: http://www.csua.berkeley.edu/~ranga/misc/sshv1.txt
           \_ Is it? http://www.google.com/search?q=cache:www.csua.berkeley.edu/motd
        \_ downright scary.
        \_ re ssh (not google cache) it seems that ssh1 is fine iff
           1. you do not use RC4
           2. you have valid host keys
           \_ There is also an intercept attack, but I'm not sure if
              that was covered in the cert stuff.

2025/05/24 [General] UID:1000 Activity:popular

5/24

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil

7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...

2012/4/23-6/1 [Computer/SW/WWW/Browsers] UID:54360 Activity:nil

4/19    My Firefox 3.6.28 pops up a Software Update box that reads "Your
        version of Firefox will soon be vulnerable to online attacks."  Are
        they planning to turn off some security feature in my version of
        Firefox?
        \_ Not as such, no, but they're no longer developing this version,
           so if a 3.6.x-targeted hack shows up, you're not going to get
	...

2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil

11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...

2011/11/11-30 [Computer/SW/Security] UID:54224 Activity:nil

11/11   MacOSX's Sandbox security hole:
        http://preview.tinyurl.com/7ph2wtg [arstechnica]
	...

2011/2/10-19 [Computer/SW/Security] UID:54034 Activity:nil

2/9     http://www.net-security.org/secworld.php?id=10570
        Summary: iPhone passwd storage is unsafe after all
	...

Cache (1414 bytes)

www.ssh.com/products/ssh/cert/vulnerability.html -> www.ssh.com/company/newsroom/article/210/Company 10 Products 11 Services 12 Solutions 13 Support 14 Partners 15 Investors 16 Sales 17 About SSH 18 Careers 19 Contact Information 20 News Room 21 Public Relations 22 Events 23 News Room 24 Subscribe to Press Release 25 Subscribe to E-mail Newsletter 26 Unsubscribe from E-mail Newsletter News Room Helsinki, Finland - November 7, 2001 SSH statement regarding the vulnerability of SSH1 protocol There are several vulnerability issues with version 1 of the Secure Shell protocol (SSH1). While version 1 of the protocol is deprecated, it is still widely used. SSH Communications Security recommends that everyone switches to using version 2 of the Secure Shell protocol (SSH2). See the deprecation message for more information about the deprecation of the SSH1 protocol. A summary of some of the vulnerabilities in the SSH1 protocol is also available, outlining some of the known vulnerabilities in the SSH1 protocol. The 27 CERT Coordination Center (CERT/CC) has issued a set of vulnerability notes outlining some of the weaknesses found in SSH1. If you are a user of an SSH1-based product, we strongly recommend that you move to using an SSH2-based product as soon as possible. Commercial use on platforms other than the ones listed here requires a commercial license. Please contact our sales or visit our online store for more information. All other names and marks are property of their respective owners.

Cache (223 bytes)

www.google.com/search?q=cache:xWSTNSCGxl8:www.ssh.com/products/ssh/cert/vulnerability.html+ssh1+vulnerabilities+cert&hl=enPreferences "ssh1" (and any subsequent words) was ignored because we limit queries to 10 words. Suggestions: - Make sure all words are spelled correctly. Also, you can try 11 Google Answers for expert help with your search.

Cache (127 bytes)

www.google.com/search?q=cache:xWSTNSCGxl8:www.ssh.com/products/ssh/cert/vulnerability.htmlSuggestions: - Make sure all words are spelled correctly. Also, you can try 11 Google Answers for expert help with your search.

Cache (73 bytes)

www.csua.berkeley.edu/~ranga/misc/sshv1.txtIf you entered the URL manually please check your spelling and try again.

Cache (145 bytes)

www.google.com/search?q=cache:www.csua.berkeley.edu/motd -> 216.239.57.104/search?q=cache:www.csua.berkeley.edu/motdSee also: /csua/pub/jobs & /csua/pub/housing & /csua/pub/recruiting The uncensored messages below this line may not reflect opinions of the CSUA.