Date:      Wed, 26 Jun 2002 18:44:35 +0200
From:      Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To:        Brett Glass <brett@lariat.org>, Benjamin Krueger <benjamin@seattleFenix.net>
Cc:        Mike Tancsa <mike@sentex.net>, Darren Reed <avalon@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG
Subject:   Re: The "race" that Theo sought to avoid has begun (Was: OpenSSH Advisory)
Message-ID:  <NHOIMJA61TPM09WR41GBXRJFUQ5YKEN.3d19ef73@gonzo>
In-Reply-To: <20020626093538.B8071@mail.seattleFenix.net>

26.6.2002 18:35:38, Benjamin Krueger <benjamin@seattleFenix.net> wrote:

Sorry to say: but I _TOTALLY_ agree with the words of Benjamin!!!!!!!!!!!!

>  Minimized harm? The great majority of systems are (were) not vulnerable. 
>As for the start of the race? It started the minute Theo's notice hit bugtraq.
>
>  Had he said "Use PrivSep or disable ChallengeResponseAuthentication" anyone
>who *was* vulnerable could have been secured in about 24 seconds. Somehow, I
>don't think that the script kiddies could find the vulnerability from
>such minimal information, write an exploit, distribute it amongst each other, 
>scan the entire internet for the few vulnerable machines around, and exploit 
>them in a period of 24 seconds, or even 24 hours. Call me skeptical.
>
>  I won't even start on how much industry time (and thus, money) was wasted
>while administrators upgraded (many needlessly) their servers. In many
>companies, on the order of hundreds or thousands of servers in a farm.
>
>-- 
>Benjamin Krueger
--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de




