http://www.techworld.com/security/news/index.cfm?newsID=118941 By Jeremy Kirk IDG news service 10 July 2009 Security researchers have warned that a reported flaw in OpenSSH (Secure Shell) is a probable hoax. Earlier this week, SANS received an anonymous email claiming of a zero-day vulnerability in OpenSSH, which means a flaw in the software is already being exploited as it becomes public. OpenSSH (Secure Shell), is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source version, and there are commercial versions of the program. A true zero-day vulnerability in OpenSSH could be devastating for the Internet, allowing hackers to have carte blanche access to servers and PCs until a workaround or a patch is readied. "That's why I think people are actually creating quite a bit of a panic," said Bojan Zdrnja, a SANS analyst and senior information security consultant at Infigo, a security and penetration testing company in Zagreb, Croatia. "People should not panic right now. Nothing at this time points that there is an exploit being used in the wild." [...] _______________________________________________ Attend Black Hat USA, July 25-30 in Las Vegas, the world's premier technical event for ICT security experts. Network with 4,000+ delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Fri Jul 10 2009 - 01:50:17 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 10 2009 - 02:03:33 PDT