Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Jun 2002 02:58:04 -0600
From:      Theo de Raadt <deraadt@cvs.openbsd.org>
To:        Jarkko Santala <jake@iki.fi>
Cc:        Sean Kelly <smkelly@zombie.org>, Ted Cabeen <secabeen@pobox.com>, "Jacques A. Vidrine" <nectar@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: Hogwash 
Message-ID:  <200206250858.g5P8w4LJ012623@cvs.openbsd.org>
In-Reply-To: Your message of "Tue, 25 Jun 2002 08:48:53 %2B0300." <20020625084249.M12462-100000@trillian.santala.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
     * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
     * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
     * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
     * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


> On Mon, 24 Jun 2002, Theo de Raadt wrote:
> 
> > By holding this information back for a few more days, we are
> > permitting a very important protocol to be upgraded in an immune way,
> > OR YOU CAN TURN IT OFF NOW.
> 
> You have mentioned this "turn it off" solution more than twice. Is this
> your official answer to any exploits in OpenSSH? Can I quote you on this?
> 
> How do you figure this works for commercial companies that need secsh
> connections for business critical needs up and running 24x7?
> 
> 	-jake
> 
> -- 
> Jarkko Santala <jake@iki.fi>            http://www.iki.fi/~jake/
> System Administrator                    2001:670:83:f08::/64
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206250858.g5P8w4LJ012623>