From: Michael J Gebis <gebis@ecn.purdue.edu>
To: cypherpunks@toad.com
Message Hash: 1c8c69181731ca3392aff4c930ad7d42bbe51b48c7d99a5619d11bd4fe604409
Message ID: <199510041611.LAA20818@purcell.ecn.purdue.edu>
Reply To: N/A
UTC Datetime: 1995-10-04 16:11:38 UTC
Raw Date: Wed, 4 Oct 95 09:11:38 PDT
From: Michael J Gebis <gebis@ecn.purdue.edu>
Date: Wed, 4 Oct 95 09:11:38 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape hole without .Xauthority (fwd)
Message-ID: <199510041611.LAA20818@purcell.ecn.purdue.edu>
MIME-Version: 1.0
Content-Type: text
Robert Owen Thomas wrote:
> more and more, networks are becoming flooded with X traffic. although X
> has always been known to be a potential security hole, i think X-attacks
> are going to increase dramatically in the coming months.
>
> i commonly hear of sights with Xauthority enabled, only to have the user
> community type "xhost +" at the prompt. bad karma. the days of pumping
> rude & crass noises to someone else's workstation will soon graduate to
> more nefarious and insidious attacks.
>
> is anyone looking into a means of securing X (above and beyond the current
> weak solutions)?
I have not used it for this purpose, but ssh claims to do "Secure X11
sessions."
Actually, I'm interested in what the cypherpunks think of ssh in
general; I'm not able to do a strong analysis of the code myself. If
it does everything it claims to do, it's a very powerful tool;
however, I don't know of any in-depth studies of ssh security.
--
Mike Gebis gebis@ecn.purdue.edu
Return to October 1995
Return to “Michael J Gebis <gebis@ecn.purdue.edu>”
1995-10-04 (Wed, 4 Oct 95 09:11:38 PDT) - Re: Netscape hole without .Xauthority (fwd) - Michael J Gebis <gebis@ecn.purdue.edu>