From: Adam Shostack <adam@homeport.org>
To: chad@lycos.com (Chad Dougherty)
Message Hash: daf2ff113b53eae92cc0d0ab2e972a4ca78f85944874521fb35b578115ecf502
Message ID: <199609271217.HAA07612@homeport.org>
Reply To: <199609270608.CAA24129@rat.eng.lycos.com>
UTC Datetime: 1996-09-27 14:00:39 UTC
Raw Date: Fri, 27 Sep 1996 22:00:39 +0800
From: Adam Shostack <adam@homeport.org>
Date: Fri, 27 Sep 1996 22:00:39 +0800
To: chad@lycos.com (Chad Dougherty)
Subject: Re: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271217.HAA07612@homeport.org>
MIME-Version: 1.0
Content-Type: text
I have not found security holes in ssh-1.2.14, which is the version
I've looked at most in depth.
However, I have found things that are disquieting, and as such assume
that clever professionals with time available might be able to exploit
something.
'Standard' hackers with toolkits are likely to move to the
next site.
Adam
Chad Dougherty wrote:
| Adam Shostack writes:
| > Theres a windows version, mac is under vauge development. SSH
| > is pretty cool, but the code base is somewhat messy, and its shows
| > signs of its origins in things like systems calls not having their
| > return values checked.
| >
| > Despite all this, I use it, like it, and recomend it for use
| > in systems not likely to come under attack by professionals.
| >
| > Adam
| >
|
| Why do you say "not likely to come under attack by professionals"?
| Have you found security holes in it?
|
| -Chad
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to September 1996
Return to “Roger Williams <roger@coelacanth.com>”