Displaying items by tag: OpenSSH

A compromise of the kernel.org servers that host Linux kernel development lasted from 2009 well into 2011, with a rootkit known as Phalanx being used to effect entry, the Slovakian security firm ESET says in a detailed report published on Tuesday.

An alert developer appears to have prevented a backdoor — likely introduced into a compression utility by state-backed actors — from being distributed to production Linux systems. The malicious code appears to allow the bypassing of checks during SSH authentication.

A new version of OpenSSH, an implementation of the secure shell protocol, includes a switch to a new key-exchange mechanism by default, among other changes.

The OpenSSH project has implemented changes in its implementation of secure shell to guard against speculative execution and memory side-channel attacks — Spectre, Meltdown, Rowhammer and RAMBleed — developer Damien Miller says.

Mail servers running the Exim mail transport agent are being exploited, with the attackers using a vulnerability disclosed a few days ago to run arbitrary commands as root, a security practitioner has warned.

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.

WikiLeaks has released CIA documents detailing implants that can be used to steal traffic from SSH sessions on both Windows and Linux systems, in the latest dump from its Vault 7 stash.

The worst thing about a distributed denial of service attack is not the attack itself. Rather, it is the slew of bottom-feeders who appear on the horizon after the deed and try to profit from the misery of others.

Microsoft has made a contribution of between US$25,000 and US$50,000 to the OpenBSD Foundation which supports OpenBSD and related projects such as OpenSSH, OpenBGPD, OpenNTPD, OpenSMTPD, LibreSSL, and mandoc.

The former OpenBSD developer who has caused a stir by claiming that the FBI had, through certain other OpenBSD developers, planted backdoors in its cryptographic code, says he raised the matter only to encourage a source code audit of the OpenBSD project.

A final step towards removing Cygwin dependencies, new Win32 port of OpenSSH includes both client and server, implementing a majority of the functionalities found in the original code

If you're running GNU/Linux and communicating remotely with other computers, there's a very good chance you have reason to thank Damien Miller.