Proper analysis of the OpenSSH vuln: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt … TL;DR agent keys safe, non-agent keys only leak encrypted, MITM not possible.
-
@marcan42 so lots of barking for nothing much?
@flameeyes Pretty much. If you see "connection suspended, press return to resume", hit ^C and the atack is prevented. It even warns you.
-
-
@marcan42 LOL — Remind me, who's the guy who broke embargo for this? -
@flameeyes Looks like Theo de Raadt himself spoiled arguably enough to find it... http://marc.info/?l=openbsd-misc&m=145278077920530&w=2 … - Show replies
New conversation -
-
-
@flameeyes I mean, you could use this to jump between servers that use automated SSH (e.g. I have systems like that), but other than that...Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.