[NBLUG/talk] openssh exploit?

Eric Eisenhart eric at nblug.org
Tue Sep 16 10:58:00 PDT 2003


On Tue, Sep 16, 2003 at 10:31:34AM -0700, Daniel Smith wrote:
> > >>a) how serious is the openssh
> > >>problem, and b) the idea of switching to lsh?

lsh looks to be still an immature project.  Hm.  And no agent or agent
forwarding, which would rule it out entirely for some of us.

> "is it a wide open, easy to exploit hole, or is
> it something more theoretical?"

As best I can tell, this is still unknown.

> Perhaps the deeper question for all of you running a personal
> server somewhere is: how much effort do you put into trying
> to pin down every last security bug?  At what point do you
> say "you know, it's just my personal server, and the security
> is pretty good, but I have to take the time to get something
> else done besides upgrading all the time"?  (note that I
> am not talking about commercial stuff, just personal servers)

"apt-get update ; apt-get upgrade" or "up2date -u" is pretty easy.  That and
signing up for the security announce list for your distro should cover you
pretty well as long as you're not a specific target for somebody.
-- 
Eric Eisenhart
NBLUG Co-Founder & Director-At-Large
The North Bay Linux Users Group
http://nblug.org/
eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244



More information about the talk mailing list