Reply to post:

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network


It leaks the timing of everything typed inside the SSH session. So yea you're correct, not the initial authentication, but leaking a password is sort of the worst-case but completely plausible scenario if you logged in and immediately change your password, tunnel elsewhere, use sudo, login to an http interface on a nearby router, etc, etc. All kinds of other useful surveillance could be done too without ever capturing a password.

Arguably the one marked 'victim machine' is really the victim's machine and the RDMA server is the victim machine? but it's just semantics.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019