Re: Hogwash

From: Theo de Raadt (deraadt@cvs.openbsd.org)
Date: 06/25/02


To: Jarkko Santala <jake@iki.fi>
Date: Tue, 25 Jun 2002 02:58:04 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>


     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
     * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
     * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
     * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
     * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
     * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
     * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

> On Mon, 24 Jun 2002, Theo de Raadt wrote:
>
> > By holding this information back for a few more days, we are
> > permitting a very important protocol to be upgraded in an immune way,
> > OR YOU CAN TURN IT OFF NOW.
>
> You have mentioned this "turn it off" solution more than twice. Is this
> your official answer to any exploits in OpenSSH? Can I quote you on this?
>
> How do you figure this works for commercial companies that need secsh
> connections for business critical needs up and running 24x7?
>
> -jake
>
> --
> Jarkko Santala <jake@iki.fi> http://www.iki.fi/~jake/
> System Administrator 2001:670:83:f08::/64
>
>



