Date: Wed, 26 Jun 2002 18:44:35 +0200
From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To: Brett Glass <brett@lariat.org>, Benjamin Krueger <benjamin@seattleFenix.net>
Cc: Mike Tancsa <mike@sentex.net>, Darren Reed <avalon@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG
Subject: Re: The "race" that Theo sought to avoid has begun (Was: OpenSSH Advisory)
Message-ID: <NHOIMJA61TPM09WR41GBXRJFUQ5YKEN.3d19ef73@gonzo>
In-Reply-To: <20020626093538.B8071@mail.seattleFenix.net>

26.6.2002 18:35:38, Benjamin Krueger <benjamin@seattleFenix.net> wrote:

Sorry to say: but I _TOTALLY_ agree with the words of Benjamin!!!!!!!!!!!!

> Minimized harm? The great majority of systems are (were) not vulnerable.
> As for the start of the race? It started the minute Theo's notice hit bugtraq.
>
> Had he said "Use PrivSep or disable ChallengeResponseAuthentication" anyone
> who *was* vulnerable could have been secured in about 24 seconds. Somehow, I
> don't think that the script kiddies could find the vulnerability from
> such minimal information, write an exploit, distribute it amongst each other,
> scan the entire internet for the few vulnerable machines around, and exploit
> them in a period of 24 seconds, or even 24 hours. Call me skeptical.
>
> I won't even start on how much industry time (and thus, money) was wasted
> while administrators upgraded (many needlessly) their servers. In many
> companies, on the order of hundreds or thousands of servers in a farm.
>
> --
> Benjamin Krueger

--
  .-.                          Ruhr-Universitaet Bochum
  /v\        L I N U X         Lehrstuhl fuer Biophysik
 // \\  >Penguin Computing<    c/o Christoph Wegener
/(   )\                        Gebaeude ND 04/Nord
 ^^-^^                         D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754
Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de
http://www.bph.ruhr-uni-bochum.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message