I published the following diary on isc.sans.edu: “(Ab)Using Security Tools & Controls for the Bad“: As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be
A very quick post about a new thread which has been started yesterday on the OSS-Security mailing list. It’s about a vulnerability affecting almost ALL SSH server version. Quoted from the initial message; It affects all operating systems, all OpenSSH versions (we went back as far as OpenSSH 2.3.0, released
OpenSSH is a common tool for most of network and system administrators. It is used daily to open remote sessions on hosts to perform administrative tasks. But, it is also used to automate tasks between trusted hosts. Based on public/private key pairs, hosts can exchange data or execute commands via
The new version (5.4) of OpenSSH has been released early this morning. OpenSSH is THE free implementation of the SSH protocol available on common devices and operating systems. The primary goal of OpenSSH is to allow remote access to hosts for management purpose. But many other features make OpenSSH a
