Melbourne-based OpenSSH developer Damien Miller has played down rumours of a zero-day exploit in the popular application, saying he had no evidence from the alleged owner of a hacked server to justify the claims floating around the net.
SSH, or Secure Shell, is a program used to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. OpenSSH is a free implementation of the program.
Miller, who has been handling the portable OpenSSH project for some years now, said there were three sets of alleged intrusion logs (1, 2, 3), which, as far as he could ascertain, were at the centre of the rumours.
"The first mentions the use of a tool 'openPWN' and the second '0pen0wn' that have names, usage and output consistent with what a real exploit might look like. They could equally be braggadocio or deliberate misinformation," he told iTWire.
He said he had spent some time analysing a packet trace provided by the owner of the allegedly hacked server, but it seemed to consist of simple brute-force attacks.
Miller said there were two issues of note that had been fixed since OpenSSH 4.3 - a signal race condition and a privilege separation issue. He said he doubted the former was being exploited, as even Mark Dowd, one of the top security people in the industry, had been unable to create a working exploit for it.
The privilege separation weakness would only allow someone to escalate their own privileges, and would not grant root access by itself, Miller said.
Rumours of a remote exploit in OpenSSH tend to spread rapidly across the internet as many admins would have reason to worry if such rumours were true: mapping of servers across the internet shows that more than 80 percent of those running SSH are using OpenSSH.
The last time there was a major scare about OpenSSH was in 2003. Prior to that, other implementations of SSH were found to be vulnerable to multiple exploits.
David Bass