Re: OpenSSH/PAM timing attack allows remote users identification

From: ilja van sprundel (iljaat_private)
Date: Thu May 01 2003 - 16:59:13 PDT

Next message: Martin Schulze: "[SECURITY] [DSA 298-1] New EPIC4 packages fix DoS and arbitrary code execution"

Previous message: btat_private: "[Full-Disclosure] HP-UX 11.0 /usr/lbin/rwrite"
Next in thread: Thilo Schulz: "Re: OpenSSH/PAM timing attack allows remote users identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <Pine.LNX.4.30L2.0304301358220.9889-200000at_private> hm, this has been known for some time, and stealth of teso wrote a nice paper and some example tools for stuff like that : http://www.team-teso.net/releases/epta.tgz

Next message: Martin Schulze: "[SECURITY] [DSA 298-1] New EPIC4 packages fix DoS and arbitrary code execution"
Previous message: btat_private: "[Full-Disclosure] HP-UX 11.0 /usr/lbin/rwrite"
Next in thread: Thilo Schulz: "Re: OpenSSH/PAM timing attack allows remote users identification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 02 2003 - 11:16:46 PDT