UK security researchers have discovered hard-to-exploit cryptographic weaknesses in the Secure Shell (SSH) remote administration protocol. The shortcoming creates a potential means to recover the plain text of encrypted sessions, depending on remote access configurations. Potential attacks - which would take ninja-like hacking …
Anyone remember what the default is for OpenSSH (block or stream cipher type)?
Think of the children
Anything which poses risk to minors must be stopped.
Re: Default is ...
For openssh 3.9p1, 4.3p2 and 5.1p1 (the versions I have readily to hand) the default cipher would appear to be aes128-cbc. You can put a "Ciphers" stanza in you ~/.ssh/config to choose one of the stream ciphers -- see ssh_config(5). I've no idea what you do if you're using winders.
I expect there'll be a patch along shortly though.
"the Secure Shell (SSH) remote administration protocol"
hmmn. Remote shell protocol maybe, but it's used for a lot more than just admin work.
The ninjas that can manage a man in the middle could possibly capture packets and decrypt them back to plain text. Which if they are lucky contains something nice to steal.
Sounds like a pretty limited flaw. I won't be going out of my way to fix it... I'll fix it by waiting for Debian to fix it for me ;-)
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- Pics Facebook's Oculus unveils 360-degree VR head tracking 'Crescent Bay' prototype
- Analysis Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring
- Crawling from the Wreckage THE DEATH OF ECONOMICS: Aircraft design vs flat-lining financial models
- Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln