Not that we need another crisis, but it *is* Friday afternoon. ;) I have not yet been able to get confirming exploit code, but a group I trust has been discussing a previously undiscussed vulnerability in sftp in at least OpenSSH prior to 3.6. This vulnerability has supposedly been known in the underground for two years (and may be related to the GNU ftp server advisory CERT sent out recently.) I would advise *everyone* using OpenSSH to upgrade immediately to the latest version, or at least disable sftp (which is on by default) if you are not using it. I will send more information when I can confirm things.
new ssh vulnerability
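For the "disable sftp if you are not using it" advice above, here is an added example (not part of the original post) that finds active `Subsystem sftp` lines in an sshd_config and writes a copy with them commented out. The sample config and the sftp-server paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for an enabled sftp subsystem.

# Print "lineno: text" for every active (uncommented) "Subsystem sftp" line.
# sshd_config keywords are case-insensitive; '=' may separate keyword and value.
sftp_subsystem_lines() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        n = split(line, f, /[ \t=]+/)
        if (n >= 2 && tolower(f[1]) == "subsystem" && f[2] == "sftp")
            print FNR ": " line
    }' "$1"
}

# Write a copy of the config to stdout with those lines commented out.
# The original file is not modified.
comment_out_sftp() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        n = split(line, f, /[ \t=]+/)
        if (line !~ /^#/ && n >= 2 && tolower(f[1]) == "subsystem" && f[2] == "sftp")
            print "#" $0
        else
            print $0
    }' "$1"
}

# Constructed sample config (paths are illustrative, not from the post).
sample_config() {
    cat <<'EOF'
# sample sshd_config
Port 22
#Subsystem sftp /usr/libexec/old-sftp-server
  subsystem  sftp /usr/libexec/sftp-server
Subsystem other /bin/false
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
sftp_subsystem_lines "$tmp"                  # the one active sftp line
comment_out_sftp "$tmp" > "$tmp.new"
sftp_subsystem_lines "$tmp.new" | wc -l      # no active sftp lines remain
rm -f "$tmp" "$tmp.new"
```

Point `sftp_subsystem_lines` at the real config (commonly `/etc/ssh/sshd_config`), and reload sshd after installing the edited copy, since the running daemon keeps the old settings until then.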