Dangerous Security Flaw Likely Just a Hoax

Filed under
Security

A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center.

The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source version, and there are commercial versions of the program.

Earlier this week, SANS received an anonymous e-mail claiming a zero-day vulnerability in OpenSSH. A zero-day is a flaw that is already being exploited by the time it becomes public; it is the most dangerous type of software vulnerability, since there is no fix for it yet and the bad guys already know about it.

A true zero-day vulnerability in OpenSSH could be devastating for the Internet, allowing hackers to have carte blanche access to servers and PCs until a workaround or a patch is readied.

"That's why I think people are actually creating quite a bit of a panic," said Bojan Zdrnja.

rest here