Dangerous Security Flaw Likely Just a Hoax

Filed under: Security

A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center.

The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source version, and there are commercial versions of the program.

Earlier this week, SANS received an anonymous e-mail claiming a zero-day vulnerability in OpenSSH, meaning a flaw in the software that is already being exploited at the time it becomes public. It is the most dangerous type of software vulnerability, since there is no fix for it yet and the attackers already know about it.

A true zero-day vulnerability in OpenSSH could be devastating for the Internet, allowing hackers to have carte blanche access to servers and PCs until a workaround or a patch is readied.

"That's why I think people are actually creating quite a bit of a panic," said Bojan Zdrnja.

rest here
