From owner-freebsd-security Thu Jan 4 3:30:19 2001 From owner-freebsd-security@FreeBSD.ORG Thu Jan 4 03:30:11 2001 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from spammie.svbug.com (mg134-005.ricochet.net [204.179.134.5]) by hub.freebsd.org (Postfix) with ESMTP id D875C37B400; Thu, 4 Jan 2001 03:30:06 -0800 (PST) Received: from spammie.svbug.com (localhost.mozie.org [127.0.0.1]) by spammie.svbug.com (8.9.3/8.9.3) with ESMTP id DAA00395; Thu, 4 Jan 2001 03:29:33 -0800 (PST) (envelope-from jessem@spammie.svbug.com) Message-Id: <200101041129.DAA00395@spammie.svbug.com> Date: Thu, 4 Jan 2001 03:29:32 -0800 (PST) From: opentrax@email.com Reply-To: opentrax@email.com Subject: The Talk: ssh - are you nuts!?! To: tech@openbsd.org Cc: tech-security@netbsd.org, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: jessem@spammie.svbug.com Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org SSH - are you nuts!?! by Jesus Monroy, Jr. I'm too tired to get this out, but i promised it would be available, so here it is. The Offical Part ---------------- On Jan. 4, 2001, a talk entitled "ssh - are you nuts!?!" will be given at the SVBUG (Silicon Valley BSD User Group) monthly meeting by Club President Jesse Monroy, Jr. Details available at: http://www.svbug.com/events/ My part ------- Today at 7:45pm (local time) this talk will start. People say I'm nuts, sometimes I think they are right. Currently, I've heard hundreds of points of views, read dozens of papers, and comtemplated solutions with vicious circles. Two days before Christmas I related this to my brother-in-law, a Havard/Yale/Cambridge MBA. His response was, "Builds character."; hmm.. Thanks. Other club presidents ask me, "Are you serious about this?" My business partner expressed, just after Christmas, "Is this worth it?" I'll admit, at times, this whole thing has been a bit crazy. So as I've said today at 7:45pm local time, here in Silicon Valley, I will be speaking. The title is "SSH - are you nuts!?!" What do I mean by this? Well to get exactly what I mean you may: 1) Come to the talk. Details are available at: http://www.svbug.com/events/ 2) See my notes after the talk - posted to: http://www.svbug.com/past/ 3) Or see the event with on-line video when it's available later this year. For those you you interested, below are selected points from my talk. ------------------------------------------------------------------- -What I won't be saying -SSH is evil. -SSH is useless. -SSH is a bad idea. -Authentication/Encryption is a hoax or does not work. -Public Key Encryption does not work. (I have no proof.) -I can break Public Key Encryption. (At least, not now.) -I USE SSH. (1 or 2) -I never intend to use SSH. -My systems have never been compromised. -My frame of reference -What I will be saying -Voice my personal complaints -Expose encryption/security myths -Investigate the technical specs/issues -Investigage Technical, Social, Economic, Financial Problems -Investigate attackers and attacks -Tell you where to get SSH -Showing alternatives -Why I'm doing this -My Personal Complaints -What people have to say -SSHv1 vs. SSHv2 -SSHv2 Features -The SSH Specs (the problems within) -Authentication/Encryption - Two methods to argue -can never be broken -can always be broken -SSH(v2) Faults -New Technical problems it creates -Technical Problems outside of SSH control -There are common misconceptions about it's functionality -Social Problems -Economic Problems -Financial Problems -Still Subject to ... -Who wants your data -What is the Man-In-The-Middle -Your Governments Involvement -What SSH programs there are -What alternatives you have -Start with a Strategem -Technical Prevention -Technical Counter Measures -Last words To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message