Reply to post: Press Ctrl + S to Save Yourself Against this Exploit

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

ankitpati
Stop

Press Ctrl + S to Save Yourself Against this Exploit

There’s a very simple mitigation against this exploit, already built right into (almost) every terminal (and terminal emulator) since the first (physical) one: Flow Control.

Just press Ctrl + S before entering sensitive information into a terminal, and press Ctrl + Q when done.

For improved usability, avoid using this with non-sensitive information, like regular UNIX commands. Only use for passwords, and perhaps secret file/directory names on a web server.

What happens is that the terminal queues your input between those two keystrokes, and sends it all at once, obliterating any timing information. Ctrl + S and Ctrl + Q are themselves not sent over the wire.
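A check of the terminal settings behind Ctrl + S and Ctrl + Q, as an added example that is not part of the comment above: it reads the XON/XOFF flags and the stop/start keys from termios, first on a constructed pty with flow control forced on and then after the same pty is switched to raw mode. The function names and the pty sample are assumptions made for this illustration.

```python
import os
import pty
import sys
import termios
import tty


def key_name(cc_byte):
    """Render a termios control character (for example byte 0x13) as 'Ctrl+S'."""
    value = cc_byte[0]
    if value < 32:
        return "Ctrl+" + chr(value + 64)
    return "0x%02x" % value  # e.g. a platform's "disabled" marker


def flow_control_status(fd):
    """Report the XON/XOFF settings of the terminal behind file descriptor fd."""
    iflag, _oflag, _cflag, _lflag, _ispeed, _ospeed, cc = termios.tcgetattr(fd)
    return {
        "ixon": bool(iflag & termios.IXON),    # stop/start keys are interpreted
        "ixoff": bool(iflag & termios.IXOFF),  # system may send stop/start itself
        "ixany": bool(iflag & termios.IXANY),  # any key restarts, not only start
        "stop_key": key_name(cc[termios.VSTOP]),
        "start_key": key_name(cc[termios.VSTART]),
    }


def demo_pty_status():
    """Constructed sample: a fresh pty with flow control forced on, then raw mode."""
    master, slave = pty.openpty()
    try:
        attrs = termios.tcgetattr(slave)
        attrs[0] |= termios.IXON              # index 0 is the input-flag word
        attrs[6][termios.VSTOP] = b"\x13"     # Ctrl+S
        attrs[6][termios.VSTART] = b"\x11"    # Ctrl+Q
        termios.tcsetattr(slave, termios.TCSANOW, attrs)
        cooked = flow_control_status(slave)
        tty.setraw(slave)                     # raw mode clears IXON
        raw = flow_control_status(slave)
        return cooked, raw
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    if sys.stdin.isatty():
        print("this terminal:", flow_control_status(sys.stdin.fileno()))
    cooked, raw = demo_pty_status()
    print("pty, cooked:", cooked)
    print("pty, raw   :", raw)
```

Run it in the terminal state you intend to rely on, since a program that switches the terminal to raw mode changes the result.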

Biting the hand that feeds IT © 1998–2019