1996-09-27 - Re: ssh - How widely used?

Header Data

From: Adam Shostack <adam@homeport.org>
To: chad@lycos.com (Chad Dougherty)
Message Hash: daf2ff113b53eae92cc0d0ab2e972a4ca78f85944874521fb35b578115ecf502
Message ID: <199609271217.HAA07612@homeport.org>
Reply To: <199609270608.CAA24129@rat.eng.lycos.com>
UTC Datetime: 1996-09-27 14:00:39 UTC
Raw Date: Fri, 27 Sep 1996 22:00:39 +0800

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Fri, 27 Sep 1996 22:00:39 +0800
To: chad@lycos.com (Chad Dougherty)
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271217.HAA07612@homeport.org>
MIME-Version: 1.0
Content-Type: text


I have not found security holes in ssh-1.2.14, which is the version
I've looked at most in depth.

However, I have found things that are disquieting, and as such assume
that clever professionals with time available might be able to exploit
something.

	'Standard' hackers with toolkits are likely to move to the
next site.

Adam


Chad Dougherty wrote:

| Adam Shostack writes:
|  > 	Theres a windows version, mac is under vauge development.  SSH
|  > is pretty cool, but the code base is somewhat messy, and its shows
|  > signs of its origins in things like systems calls not having their
|  > return values checked.
|  >
|  > 	Despite all this, I use it, like it, and recomend it for use
|  > in systems not likely to come under attack by professionals.
|  >
|  > Adam
|  >
| 
| Why do you say "not likely to come under attack by professionals"?
| Have you found security holes in it?
| 
| 	-Chad


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Thread

• Return to September 1996

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Black Unicorn <unicorn@schloss.li>”
• Return to “Chad Dougherty <chad@lycos.com>”
• Return to “Eric Murray <ericm@lne.com>”
• Return to “Jonathan Corbet <corbet@stout.atd.ucar.edu>”
• Return to “Lucky Green <shamrock@netcom.com>”
• Return to ““Mark M.” <markm@voicenet.com>”
• Return to “martin hamilton <M.T.Hamilton@lboro.ac.uk>”
• Return to “nobody@cypherpunks.ca (John Anonymous MacDonald)”
• Return to ““Perry E. Metzger” <perry@piermont.com>”

• Return to “Roger Williams <roger@coelacanth.com>”

• 1996-09-27 (Fri, 27 Sep 1996 08:37:02 +0800) - ssh - How widely used? - Black Unicorn <unicorn@schloss.li>
  • 1996-09-27 (Fri, 27 Sep 1996 10:02:27 +0800) - Re: ssh - How widely used? - Adam Shostack <adam@homeport.org>
    • 1996-09-27 (Fri, 27 Sep 1996 20:01:38 +0800) - Re: ssh - How widely used? - martin hamilton <M.T.Hamilton@lboro.ac.uk>
    • 1996-09-27 (Sat, 28 Sep 1996 01:22:34 +0800) - Re: ssh - How widely used? - “Perry E. Metzger” <perry@piermont.com>
  • 1996-09-27 (Fri, 27 Sep 1996 11:49:33 +0800) - Re: ssh - How widely used? - Roger Williams <roger@coelacanth.com>
  • 1996-09-27 (Fri, 27 Sep 1996 12:23:33 +0800) - Re: ssh - How widely used? - Roger Williams <roger@coelacanth.com>
  • 1996-09-27 (Fri, 27 Sep 1996 12:29:08 +0800) - Re: ssh - How widely used? - Lucky Green <shamrock@netcom.com>
  • 1996-09-27 (Fri, 27 Sep 1996 12:45:29 +0800) - Re: ssh - How widely used? - “Mark M.” <markm@voicenet.com>
  • 1996-09-27 (Fri, 27 Sep 1996 13:28:02 +0800) - Re: ssh - How widely used? - Chad Dougherty <chad@lycos.com>
  • 1996-09-27 (Fri, 27 Sep 1996 16:23:29 +0800) - Re: ssh - How widely used? - nobody@cypherpunks.ca (John Anonymous MacDonald)
  • 1996-09-27 (Fri, 27 Sep 1996 16:35:10 +0800) - Re: ssh - How widely used? - Chad Dougherty <chad@lycos.com>
    • 1996-09-27 (Fri, 27 Sep 1996 22:00:39 +0800) - Re: ssh - How widely used? - Adam Shostack <adam@homeport.org>
    • 1996-09-27 (Sat, 28 Sep 1996 03:17:35 +0800) - Re: ssh - How widely used? - “Perry E. Metzger” <perry@piermont.com>
      • 1996-09-27 (Sat, 28 Sep 1996 04:57:42 +0800) - Re: ssh - How widely used? - Adam Shostack <adam@homeport.org>
  • 1996-09-27 (Sat, 28 Sep 1996 02:04:13 +0800) - Re: ssh - How widely used? - Jonathan Corbet <corbet@stout.atd.ucar.edu>
    • 1996-09-27 (Sat, 28 Sep 1996 04:12:11 +0800) - Re: ssh - How widely used? - Eric Murray <ericm@lne.com>