By Jeremy Kirk
IDG news service
10 July 2009
Security researchers have warned that a reported flaw in OpenSSH (Secure
Shell) is a probable hoax.
Earlier this week, SANS received an anonymous email claiming of a
zero-day vulnerability in OpenSSH, which means a flaw in the software is
already being exploited as it becomes public. OpenSSH (Secure Shell), is
used by administrators to make encrypted connections with other
computers and do tasks such as remotely updating files. OpenSSH is the
open-source version, and there are commercial versions of the program.
A true zero-day vulnerability in OpenSSH could be devastating for the
Internet, allowing hackers to have carte blanche access to servers and
PCs until a workaround or a patch is readied.
"That's why I think people are actually creating quite a bit of a
panic," said Bojan Zdrnja, a SANS analyst and senior information
security consultant at Infigo, a security and penetration testing
company in Zagreb, Croatia. "People should not panic right now. Nothing
at this time points that there is an exploit being used in the wild."
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com