James B. Byrne
byrnejb at harte-lyne.ca
Tue Jan 9 14:47:11 UTC 2018
I have read some accounts which seem to imply that the rate of ssh
attacks measurably increased following the announcement of these two
flaws. The implication being that there was some cause and effect
relationship. I cannot fathom what this could be.
I do not wish to exist in a state of blissful ignorance. But, neither
do I wish to overestimate the degree of threat these two flaws present
to our operations.
>From what I have read the impression I obtain is that both of these
two security flaws require that unaudited software be allowed to run
on the affected hosts. If one is running a private data centre, and
if only authorized software is permitted to run therein, then how much
of a threat does this development pose to such?
It seems to me that public 'cloud' environments is where this sort of
stuff would find its most vulnerable targets. Private data systems
are no more likely to succumb to attacks along this vector than to any
other routinely available rootkit. Is that a fair assessment?
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the freebsd-questions