ntang (ntang) wrote,

Tech geeks: watch out

Two noteworthy things.

1.) There's a new openssh exploit in the wild. A new version of openssh was released, 3.7p1, and from what I heard it may not be a complete fix, but it fixes the immediate problem. I got this from a (very!) reliable source. Bugtraq, Full-Disclosure, and other similar lists have updates on this.

2.) Verisign has set up wildcards so now any unregistered .com or .net domain, and any host in that domain, will point to their servers. This includes mail and web servers, and they've got servers that are answering requests and potentially logging anything that comes in, so a simple typo could easily provide them info. You can read up on this on the NANOG mailing list, among others, and on the NY Times here: http://www.nytimes.com/2003/09/15/technology/15MISS.html and on this site here: http://www.haque.net/verisign_dns_rant.php and here in the washington post:

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded