l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2002 Aug 01 21:59

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Holes found in OpenSSL...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Holes found in OpenSSL...



begin Shwaine <shwaine@malevolence.com> 
> On Tue, 30 Jul 2002, ME wrote:
> 
> > Hello LUG members,
> >
> > Posts have been made to Bugtraq about multiple holes found in OpenSSL 
> that
> > could lead to remote exploits and root access. Projects compiled with
> > OpenSSL (mod_ssl, Apache_ssl, openssh, etc) are suggested for upgrades 
> to
> > new ones. Since OpenSSL is a library, other packages that include code
> > from OpenSSL may need to be recompiled after you have recompiled and
> > installed OpenSSL.
> 
> Just for those who have not heard yet, there was a trojan in the 
> source tarballs on OpenSSH's site. You can read about it on:
         ^^^^^^^^

ok, the subtlety of this was lost on me until i read about the issue
some more.  the binaries are fine.

kind of ironic that this time, building your own package from source
turned out to be the less secure thing to do.   ;)

this is _wild_.  can you imagine the gleeful giggling that must have
gone on while the cracker was doing his thing?  he must have been in hog
heaven...

next time you debate someone about the security of openbsd vs linux, the
proper response is:

   "one word.  ssh."


just kidding.  ;)

pete

-- 
Please don't put my email address in your Outlook addressbook.

GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.