SecuObs.com

SecuObs.com http://www.secuobs.com L'observatoire de la securite Internet fr webmaster@secuobs.com PuttyHijack session hijack POC ... PuttyHijack session hijack POC http://www.secuobs.com/revue/news/332182.shtml http://www.secuobs.com/news/comments215112008-openssh_cbc_ctr_aes_cpni.shtml#11058 http://www.secuobs.com/news/comments215112008-openssh_cbc_ctr_aes_cpni.shtml#11058 ESRT @opexxx - Useless OpenSSH resources exhausion bug via GSSAPI ... ESRT @opexxx - Useless OpenSSH resources exhausion bug via GSSAPI http://www.secuobs.com/twitter/news/233878.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10351 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10351 ESRT @adulau @jedisct1 - Erlang OTP SSH Library Random Number Generator Weakness ... ESRT @adulau @jedisct1 - Erlang OTP SSH Library Random Number Generator Weakness http://www.secuobs.com/twitter/news/233656.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10346 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10346 ESRT @digininja @n00bznet @kingcope - As promised: OpenSSH 35p1 Remote Root Exploit for FreeBSD -- I would verify this ... ESRT @digininja @n00bznet @kingcope - As promised: OpenSSH 35p1 Remote Root Exploit for FreeBSD -- I would verify this http://www.secuobs.com/twitter/news/223010.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10001 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#10001 ESRT @adulau @damienmiller - Did Redhat just fix OpenSSH by making it seed with only 6 bytes from /dev/random? ... ESRT @adulau @damienmiller - Did Redhat just fix OpenSSH by making it seed with only 6 bytes from /dev/random? http://www.secuobs.com/twitter/news/214247.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9835 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9835 ESRT @packet_storm - OpenSSH 5.8p2 ... ESRT @packet_storm - OpenSSH 5.8p2 http://www.secuobs.com/twitter/news/202225.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9542 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#9542 ESRT @VUPEN - OpenSSH v5.8 was released to fix an information disclosure vulnerability ... ESRT @VUPEN - OpenSSH v5.8 was released to fix an information disclosure vulnerability http://www.secuobs.com/twitter/news/170440.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#8827 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#8827 FreeSSHD 1.2.4 Remote Buffer Overflow DoS ... FreeSSHD 1.2.4 Remote Buffer Overflow DoS http://www.secuobs.com/revue/news/204207.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#5478 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#5478 ProSSHD v1.2 20090726 Buffer Overflow Exploit ... ProSSHD v1.2 20090726 Buffer Overflow Exploit http://www.secuobs.com/revue/news/197312.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#5260 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#5260 openssh-53p1-remote-root.c ... openssh-53p1-remote-root.c http://www.secuobs.com/revue/news/189359.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#4919 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#4919 Hacking the OpenSSH library for Ncrack ... Hacking the OpenSSH library for Ncrack http://www.secuobs.com/revue/news/126423.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#2524 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#2524 ESRT @thierryzoller - Fake OpenSSH 0pen0wn shellcode dissasembled ... ESRT @thierryzoller - Fake OpenSSH 0pen0wn shellcode dissasembled http://www.secuobs.com/twitter/news/8796.shtml http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#2352 http://www.secuobs.com/news/comments115112008-openssh_cbc_ctr_aes_cpni.shtml#2352 ESRT @danielcid - reply from ssh on the 0-day rumors ... ESRT @danielcid - reply from ssh on the 0-day rumors http://www.secuobs.com/twitter/news/7572.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2286 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2286 ESRT @hackerfantastic - SSH attack pcap capture made available ... ESRT @hackerfantastic - SSH attack pcap capture made available http://www.secuobs.com/twitter/news/7528.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2284 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2284 Unverified : ESRT @cykyc 0day openssh 43 remote exploit via @mubix @Gh0u1 ... Unverified : ESRT @cykyc 0day openssh 43 remote exploit via @mubix @Gh0u1 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2262 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2262 ESRT @mubix A very effective SSH bruteforcer by @laramies recently updated ... ESRT @mubix A very effective SSH bruteforcer by @laramies recently updated http://www.secuobs.com/twitter/news/6657.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2218 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#2218 Using and Extending Kojoney SSH Honeypot ... Using and Extending Kojoney SSH Honeypot http://www.secuobs.com/revue/news/100751.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1585 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1585 PUTTKyeak = PUTTY + KEYLOG + TWEAK ... PUTTKyeak = PUTTY + KEYLOG + TWEAK http://www.secuobs.com/revue/news/100468.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1579 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1579 OpenSSH chink bares encrypted data packets ... OpenSSH chink bares encrypted data packets http://www.secuobs.com/revue/news/98239.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1521 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#1521 Sun Solaris SSH CBC Mode Plaintext Recovery Vulnérabilité ... Sun Solaris SSH CBC Mode Plaintext Recovery Vulnérabilité http://www.secuobs.com/revue/news/43223.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#364 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#364 There was an error in the original advisory. The estimate of 32768 attempts to carry out a successful attack is incorrect. The correct estimate is 11356 attempts. A revised version is now available at ... There was an error in the original advisory. The estimate of 32768 attempts to carry out a successful attack is incorrect. The correct estimate is 11356 attempts. A revised version is now available at: http://www.openssh.com/txt/cbc.adv The advisory and its recommendations are otherwise unchanged. Vu sur bugtraq >>> http://secuobs.com/secumail/btsecumail/ http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#324 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#324 la réponse d'openssh ... la réponse d'openssh http://www.secuobs.com/secumail/btsecumail/msg14449.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#321 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#321 alerte secunia relative aujourd'hui ... alerte secunia relative aujourd'hui http://secuobs.com/secumail/snsecumail/msg13006.shtml http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#313 http://www.secuobs.com/news/comments15112008-openssh_cbc_ctr_aes_cpni.shtml#313