OpenSSH flaw is a hoax warn researchers

OpenSSH flaw is a hoax warn researchers
OpenSSH flaw is a hoax warn researchers 

By Jeremy Kirk
IDG news service
10 July 2009

Security researchers have warned that a reported flaw in OpenSSH (Secure 
Shell) is a probable hoax.

Earlier this week, SANS received an anonymous email claiming of a 
zero-day vulnerability in OpenSSH, which means a flaw in the software is 
already being exploited as it becomes public. OpenSSH (Secure Shell), is 
used by administrators to make encrypted connections with other 
computers and do tasks such as remotely updating files. OpenSSH is the 
open-source version, and there are commercial versions of the program.

A true zero-day vulnerability in OpenSSH could be devastating for the 
Internet, allowing hackers to have carte blanche access to servers and 
PCs until a workaround or a patch is readied.

"That's why I think people are actually creating quite a bit of a 
panic," said Bojan Zdrnja, a SANS analyst and senior information 
security consultant at Infigo, a security and penetration testing 
company in Zagreb, Croatia. "People should not panic right now. Nothing 
at this time points that there is an exploit being used in the wild."


Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. 

Site design & layout copyright © 1986-2014 CodeGods