 |
privacy |
||
|
Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
Blog Feed Recent Items 
The nfoCentrale Blog Conclave nfoCentrale Associated Sites |
2005-05-17SSH and Known_Hosts Vulnerabilities Threaten GridACM News Service: Researchers Reveal Holes in Grid. SSH is not new technology, and apparently that is no assurance of confirmed security. MIT CSAIL researcher Will Stockwell refers to a critical and widespread SSH flaw along with visibility of known_hosts files (demonstrated by probing 92 systems to obtain 8,000 unique addresses) that is enough to permit attack by a simple worm that disrupts a grid or supercomputer system. Compromised versions of SSH have already been exploited in attacking TeraGrid and National Supercomputing Center machines. Well, it just keeps getting better, doesn’t it. This blurb had me looking around for a handy Bruce Schneier quote in my blog clippings, but I didn’t have to go that far. The Paul Roberts 2005-05-13 eWeek article has this great quote from Schneier on the holes in SSH and the prospects for a cascade attack:
This strikes me as an ugly consequence of Dijstra’s assurance that it is only possible to demonstrate flaws, not the absence of flaws [my paraphrasing]. Although Dijkstra had great hopes for provably-correct programs, we know that the gap between theory and practice is immense in this case. It takes a different kind of mind to seek weaknesses rather than completed work, and how do we keep that sort of skill from wandering over to the dark side where the juice seems to be? This and other discussions were held at the International Workshop on Cluster Security held as part of IEEE CCGrid in Cardiff, Wales, earlier in May.
|
||
|
You are navigating Orcmid's Lair. |
template
created 2004-06-17-20:01 -0700 (pdt)
by orcmid |