Doesn't this belong on the old SSHv2 WG's mailing list?
On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far I
On Sat, Jul 14, 2007 at 11:43:53AM -0700, Ed Gerck wrote:
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far as I know), which create unnecessary
vulnerabilities.
Some
On 7/14/07, Ed Gerck [EMAIL PROTECTED] wrote:
1. firewall port-knocking to block scanning and attacks
I would love to see a mode like freenet's silent bob, where connectors
must prove probable knowledge of the host key before the node will
talk.
5. block sending host key fingerprint for
On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
server OS
4. block empty
Ivan Krstić wrote:
On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
I'm an OpenBSD developer, so I have some knowledge but could be biased.
SSH (OpenSSH) is routinely used in secure access for remote server
maintenance. However, as I see it, SSH has a number of security issues
that have not been addressed (as far as I know), which create unnecessary
Leichter, Jerry [EMAIL PROTECTED] writes:
Between encrypted VOIP over WIFI and eventually over broadband cell - keeping
people from running voice over their broadband connections is a battle the
telcos can't win in the long run - and just plain encrypted cell phone
calls, I think in a couple of
[EMAIL PROTECTED] (Peter Gutmann) writes:
I think you're looking at this a bit wrong. I remember the same opinion as
the above being expressed on the brew-a-stu list about fifteen years ago, and
no doubt some other list will carry it in another fifteen years time, with
nothing else having
| Between encrypted VOIP over WIFI and eventually over broadband cell -
| keeping people from running voice over their broadband connections is
| a battle the telcos can't win in the long run - and just plain
| encrypted cell phone calls, I think in a couple of years anyone who
| wants secure
At 07:37 AM 7/12/2007, Eric Cronin wrote:
With current CPUs and audio codecs you can get
decent voice quality over 9600bps.
Yes and no. There are lots of 8kbps codecs, and some 6.5 and 5.3kbps codecs,
all of which give acceptable voice quality if transmission's ok.
(And you can reduce
hmm
http://qrbg.irb.hr/
--
mike
http://lets.coozi.com.au/
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
The SSH discussion has (in messages I didn't forward) rapidly
degenerated into an argument that isn't very high signal. I'd suggest
that the non-crypto aspects are best discussed on other mailing lists
like the IETF SSH working group lists and the OpenSSH developers
mailing list. If there are
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488
--
Perry E. Metzger [EMAIL PROTECTED]
Ed Gerck [EMAIL PROTECTED] writes:
Some issues could be minimized by turning off password authentication, which
is not practical in many cases.
That would probably make things much worse. A study of SSH attacks a few
years ago showed that nearly two thirds of all SSH private keys were stored on
On Tue, 17 Jul 2007 13:11:41 -0400 (EDT)
Leichter, Jerry [EMAIL PROTECTED] wrote:
I'd guess that the next step will be in the business community. All
it will take is one case where a deal is visibly lost because of
proven eavesdropping (proven in quotes because it's unlikely that
there
Paul Hoffman [EMAIL PROTECTED] writes:
I posted a new security research article at
http://www.proper.com/root-cert-problem/. It is not directly related to
crypto (although not so much of the traffic on this list is...), it does
relate to some PKI topics that are favorites of this list.
The
At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
From a security point of view, this is really bad. From a usability point of
view, it's necessary.
As you can see from my list of proposed solutions, I disagree. I see
no reason not to alert a user *who has removed a root* that you
are
[EMAIL PROTECTED] wrote:
From a security point of view, this is really bad. From a usability point of
view, it's necessary.
I agree with all the above, including deleted.
The solution is to let the HCI people into the design
process, something that's very rarely, if ever, done in the
An earlier post, talking about vulnerabilities and the lack of an
appropriate market response, said:
We're talking about phone calls -- did all of the well-publicized
cellular eavesdropping (Prince Charles, Newt Gingrich (then a major US
politician), and more) prompt a change? Well,
A blog entry which claims that the proprietary Push IMAP protocol
that Apple and Yahoo came up with is deeply flawed -- the entry states
that the entire thing is vulnerable to trivial replay attacks.
http://blog.dave.cridland.net/?p=32
Hat tip: Marshall Rose
If true, this is yet more evidence
[EMAIL PROTECTED] wrote:
The executive summary, so I've got something to reply to:
In the default configuration for Windows XP with Service Pack 2 (SP2), if a
user removes one of the trusted root certificates, and the certifier who
issued that root certificate is trusted by Microsoft,
List,
Thanks everyone for the feedback. There are now some
ideas how things could be improved using crypto. I
prepared a summary of the public and private responses,
and clarifications, at:
http://email-security.blogspot.com/2007_07_01_archive.html
Comments are welcome in here (if crypto) an