On Tue, 28 Mar 2000, herrold wrote:
> At the time of the Rootshell incident [has it been almost two
> years(?)], there was a lot of loose talk about claimed
> vulnerabilities, none of which have been publically documented here
> or on Bugtraq, by you or others in your organization.
this isn't true, or fair - after the initial scare, Tatu released an
advisory for a (highly improbable) attack found by Peter Benie against the
krb5-enabled client:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-11-01&[EMAIL PROTECTED]
> Obviously a product implementing the earlier protocol is again
> in active development and maintenance, and with the upcoming US RSA
> patent expirations ...
actually, OpenSSH will support SSH v2 very soon. markus committed a good
bit of the code to the OpenBSD CVS repository today. :-)
-d.
---
http://www.monkey.org/~dugsong/
