Reply to post:

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network


Tbh I'm surprised SSH sends password keypresses to the remote end like telnet. I would have thought the password was captured client-side and then dealt with in some secure manner.

Are they meaning they capture you logging in to another system from the side-channel-monitored system? So you are already on a remote session from machine A to machine B, typing away, and you SSH from machine B to machine C, while some code on machine B infers your keypresses from the network packets coming from machine A to machine B? That sounds like it would make sense.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019