ldrn's Avatar
Posts: 201 | Thanked: 88 times | Joined on Aug 2007 @ San Francisco, CA
#1
I saw this on Slashdot and have been busy regenerating all my SSH keys all morning:
http://lists.debian.org/debian-secur.../msg00152.html

I thought my tablet would be affected as well, as the version of OpenSSH shipped is high enough to have been vulnerable, but when I ran its server keys through the ssh-vulnkey tool, they came out as okay. The public keys I replaced as a matter of course.

Is the IT version of OpenSSH not based on Debian's?
 
Posts: 5,335 | Thanked: 8,187 times | Joined on Mar 2007 @ Pennsylvania, USA
#2
Well, they might be affected...
 
fnordianslip's Avatar
Posts: 670 | Thanked: 359 times | Joined on May 2007
#3
Quoting myself (http://www.internettablettalk.com/fo...&postcount=413) and Bundyo (http://www.internettablettalk.com/fo...&postcount=414) from elsewhere:

Originally Posted by fnordianslip:
The chinook openssl package seems to be from an earlier version (0.97e-4) than that (0.9.8c-1) affected by the bug (http://article.gmane.org/gmane.linux....announce/1614), but I'm not entirely sure, as I haven't seen the source. fnord.

Originally Posted by Bundyo:
Yes, Diablo's libssl and libcrypto are versioned 0.9.8

So, YMMV.
__________________
Class .. : Lame hacker & beardy boffin
Humour . : [#######---] Alignment: Apathetic anarchist
Patience : [####------] Weapon(s): My cat, my code.
Agro ... : |#---------] Relic(s) : N900, MacBookPro, NSLU2, N800, SheevaPlug, Eee-901, Core2-Quad, PS3
"In theory, theory and practice are the same. In practice, they're not."
--
Beware of extras-devel.
 
Posts: 100 | Thanked: 6 times | Joined on Jul 2007
#4
Quick question... if I wanna do remote desktop over the web from N800 to PC, is it essential to use OpenSSH to maximize security? Would you guys recommend it?

Thanks!
 
ldrn's Avatar
Posts: 201 | Thanked: 88 times | Joined on Aug 2007 @ San Francisco, CA
#5
Thanks! I must have misread the version number; that explains why the server keys were good. What a good thing.

Jackass124: I would, especially if you are going to be entering in passwords and so on. Unlike VNC, remote desktop does have encryption, but all versions prior to 6 are vulnerable to a man-in-the-middle attack, and I am not sure if using the rdesktop client makes you immune.
 
fnordianslip's Avatar
Posts: 670 | Thanked: 359 times | Joined on May 2007
#6
jackass124: if you're running Windows on the PC then I'd use WinSCP and/or PuTTY to access the N800. I don't know if there's an easy way to do it the other way round - I suppose you'd have to use Samba. WinSCP and PuTTY use SSH and are as secure as it gets (unless you're running Debian/Ubuntu I suppose). Besides, with SSH you get a choice of crypto algorithms, SCP and SFTP for file transfers, and the ability to create tunnels or secure SOCKS proxies. All good stuff really.