Language Selection

English French German Italian Portuguese Spanish

Dangerous Security Flaw Likely Just a Hoax

Filed under
Security

A claim of a software vulnerability in a program used to connect securely to servers across the Internet is likely a hoax, according to an analyst with the SANS Internet Storm Center.

The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source version, and there are commercial versions of the program.

Earlier this week, SANS received an anonymous e-mail claiming of a zero-day vulnerability in OpenSSH, which means a flaw in the software is already being exploited as it becomes public. It's the most dangerous type of software vulnerability since it means there's no fix for it yet and the bad guys know about it.

A true zero-day vulnerability in OpenSSH could be devastating for the Internet, allowing hackers to have carte blanche access to servers and PCs until a workaround or a patch is readied.

"That's why I think people are actually creating quite a bit of a panic," said Bojan Zdrnja.

rest here




More in Tux Machines

Red Hat Enterprise Linux 7.3 Beta Adds NVDIMM Support, Improves Security

Today, August 25, 2016, Red Hat announced that version 7.3 of its powerful Red Hat Enterprise Linux operating system is now in development, and a Beta build is available for download and testing. Red Hat Enterprise Linux 7.3 Beta brings lots of improvements and innovations, support for new hardware devices, and improves the overall security of the Linux kernel-based operating system used by some of the biggest enterprises and organizations around the globe. Among some of the major new features implemented in the Red Hat Enterprise Linux 7.3 release, we can mention important networking improvements, and support for Non-Volatile Dual In-line Memory Modules (NVDIMMs). Read more Also: CentOS 6 Linux OS Receives Important Kernel Security Update from Red Hat Release of Red Hat Virtualization 4 Offers New Functionality for Workloads

Ubuntu 16.10 Beta 1 Released, Available to Download Now

The Ubuntu 16.10 Beta 1 releases are now available to download. You know the drill by now: {num} Ubuntu flavors, some freshly pressed ISOs, plenty of new bugs to find and no guarantees that things won’t go boom. Read more Also: Ubuntu 16.10 Beta Launches for Opt-in Flavors, Adds GCC 6.2 and LibreOffice 5.2

Games for GNU/Linux

PC-BSD Becomes TrueOS, FreeBSD 11.0 Reaches RC2

  • More Details On PC-BSD's Rebranding As TrueOS
    Most Phoronix readers know PC-BSD as the BSD operating system derived from FreeBSD that aims to be user-friendly on the desktop side and they've done a fairly good job at that over the years. However, the OS has been in the process of re-branding itself as TrueOS. PC-BSD has been offering "TrueOS Server" for a while now as their FreeBSD-based server offering. But around the upcoming FreeBSD 11.0 release they are looking to re-brand their primary desktop download too now as TrueOS.
  • FreeBSD 11.0-RC2 Arrives With Fixes
    The second release candidate to the upcoming FreeBSD 11 is now available for testing. FreeBSD 11.0-RC2 ships with various bug fixes, several networking related changes, Clang compiler fixes, and other updates. FreeBSD 11.0 is bringing updated KMS drivers, Linux binary compatibility layer improvements, UEFI improvements, Bhyve virtualization improvements, and a plethora of other work. Those not yet familiar with FreeBSD 11 can see the what's new guide.