isc.sans.org -- Brute-force SSH Attacks on the Rise
http://isc.sans.org/diary.html?storyid=4408
Two cool blurbs were at the end of the diary entry (an edit, actually): Quote:
Quote:
|
So, your informing us because of this?
"A flaw in a key part of how Debian-based Linux distributions like Ubuntu secure OpenSSH has put potentially millions of servers at risk from a brute force attack. The attack could have major implications for the Internet. "The flaw in question was introduced by a Debian-specific patch," Moore told InternetNews.com. "This patch was not pushed upstream to the OpenSSL folks, so only distributions based on Debian have this issue." http://www.serverwatch.com/news/article.php/3747531 DSA-1571-1 openssl -- predictable random number generator http://www.debian.org/security/2008/dsa-1571 "... never fix a bug you don’t understand ..." :confused: http://www.links.org/?p=327 |
Quote:
I thought the diary entry would be cool to share and it did elaborate on new Denyhosts functionality. |
Quote:
|
All times are GMT -5. The time now is 07:19 AM. |