paulbates Posted January 15, 2016 Share Posted January 15, 2016 This was released yesterday: January 14, 2016OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys. This may be mitigated by adding the undocumented config option UseRoaming no to ssh_config.For more information see CVE-2016-0777 and CVE-2016-0778. This bug is corrected in OpenSSH 7.1p2 and in OpenBSD's stable branch. For more information, please refer to the release notes. Link to comment
Teken Posted January 15, 2016 Share Posted January 15, 2016 Bottom line is if man made it . . . Man can break and circumvent it. This highlights being proactive on all fronts of security, isolation, and off line access. The latest rage is remote access to control the fish bowl, coffee maker, etc. People really need to sit down and think do you really need remote access? If so, is the next layer of security protection in place? Meaning is the system you're accessing linked to anything else on the network? If so, you're open to an intrusion and your network and all their attached devices can be compromised. Speaking for myself only, with the advent of Edward Snowden whistle blower report in how the American Government has during the course of many years been actively spying on every human being on the planet with out any just cause and breaking every known law known to man. My goal in the past and even more so now has been to either limit or completely remove all elements that allow not only a casual hacker to have access. But do it in a manner that is near impossible for a outside force to access my data and hardware. As simple as cutting the Internet cord as they say . . . If there is no physical or wireless access the only means for a person to obtain or control a device is being physically there. At the end of the day people should just follow best practices as they would do so in real life. Don't be stupid and save nude photos of yourself to Skydrive / Drop Box, etc. As was seen by celebrities stars and many other others last year. Those who believe uploading such material to some third party company is a good idea have less brain cells than a rock. This is the very same thing of having devices owned by Google in your home. Really, you're going to let one of the most invasive company known to man into your home and monitor every facet of your life and relay the same to the federal government? I can't imagine how many kool aid drinkers have the NEST, Protect, Drop Cam, On Hub, GMAIL, Google Fiber, etc People are truly stupid . . . Link to comment
KeviNH Posted January 20, 2016 Share Posted January 20, 2016 Most people don't have anything interesting worth hiding, and will happily trade away some nebulous concept of "privacy" for convenient "free" services from Apple, Facebook, Google, , etc. And on this basis, most people assess their personal risk correctly -- the average person is boring (and doesn't look good naked), the average American doesn't have any ideas or plans that the NSA is going to care about, so why worry about centralized data collection and remote control? What's the real exposure? Is Nest going to intentionally mess with J.Random.Users's thermostat remotely just to drive up utility bills? If you aren't the average person and you do have data that the government is interested in, but still want some degree of convenience, then you probably want to deploy a vetted and third-party tested approach to NetSec/InfoSec/OpSec, something like OpenBSD and OpenSSH. I trust the OpenBSD project (creators of OpenSSH) much more than I trust most other purveyors of "free" software, though I realize that they can't get everything perfect all of the time, and so practice defense in depth. I've given them $,$$$ of support over the years in hopes that dollars and bug reports will help them get it right. Link to comment
LFMc Posted February 12, 2016 Share Posted February 12, 2016 This is the very same thing of having devices owned by Google in your home. "Alexa, would you tell me who is listening to me right now?" Link to comment
Teken Posted February 12, 2016 Share Posted February 12, 2016 LMAO . . . ========================= To bestow knowledge is power - But only if it promotes positive results in others. The highest calling in life is to serve ones country faithfully - Teach others what can be. Do what is right and not what is popular. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.