[H-GEN] What can i use instead of SSHD?

Sarah Walters sarah at uow.edu.au
Thu Jun 27 02:11:20 EDT 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Thu, Jun 27, 2002 at 04:00:06PM +1000, Dan Roe wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> Seems to me like SSH is becoming more insecure than FTP/HTTP/Telnet
> Today CERT tells me everything but OpenSSH 3.4 is remotly exploitable
> So i suggest you all update your ssh server
> Im wondering what else i could use instead of SSHD
There is a commercial implementation of SSH if you want to pay for it. But
realistically, it is obvious that Telnet is far more insecure. Once they are in
your system they're already a step closer, and it's an easy matter to sniff
a password going via telnet. Just because there have been a lot of CERT emails
about SSH in the last few days doesn't mean you should abandon it. All software
has bugs. It happens. Upgrade and move on with your life. Unless you want to
go for encrypted, kerberized telnet/rlogin, ssh is the only game in town afaik.

> On another note a freind has discovered a vuln in IE
> Any link that contains 6000 and something chars with some asm code
> Will majikly execute with drastic consequenses
> M$ has been told and have a month before the script kiddies get it
If your friend has discovered such a vulnerability and actually cares for
the sysadmin community, he'll pass the info on to CERT as well. IE has lots
of vulnerabilities. We can make our own minds up about what browser to use.

> Switch from IE to Mozilla (It has more features!)
More than I need. So does IE. Features don't make a good web browser.

-- 
Mrs Sarah Walters					sarah at uow.edu.au
Information Technology Services				Bld 17 Level 2
The University of Wollongong				Ph: +61 2 4221 3775

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list