Date:      Wed, 26 Jun 2002 18:51:11 +0200 (CEST)
From:      Attila Nagy <bra@fsn.hu>
To:        Brett Glass <brett@lariat.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: The "race" that Theo sought to avoid has begun (Was:  OpenSSH Advisory)
Message-ID:  <Pine.LNX.4.44.0206261845200.16380-100000@scribble.fsn.hu>
In-Reply-To: <4.3.2.7.2.20020626103956.02291aa0@localhost>
References:  <4.3.2.7.2.20020626101626.02274c80@localhost> <200206261452.AAA26617@caligula.anu.edu.au> <5.1.0.14.0.20020626103651.048ec778@marble.sentex.ca> <5.1.0.14.0.20020626110043.0522ded8@marble.sentex.ca> <4.3.2.7.2.20020626101626.02274c80@localhost> <4.3.2.7.2.20020626103956.02291aa0@localhost>

Hello,

> >As for the start of the race? It started the minute Theo's notice hit
> >bugtraq.
> No, it didn't. The skript kiddies didn't know where the bug was.
Correct me if I'm wrong, but people called "script kiddies" can't really
code. They just use tools (scripts) from other people.
Of course there are crackers (black hats if you wish), for whom this
information could be usable.

> He DID say to use PrivSep. He did not say to disable
> ChallengeResponseAuthentication for a reason: it would have clued the
> kiddies into the location of the bug.
Ppl, before you go crazy, think a little.
Theo did you a favor when he released his letter. Why? Because now all of
you are using privsep, which will hopefully help you if another 100
exploits are released/found in OpenSSH...

This is what they call "proactive security" :)

--------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]-------
Attila Nagy					e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)		  phone @work: +361 210 1415 (194)
						cell.: +3630 306 6758

