On 12/20/23 05:53, Jan Panteltje wrote:
SSH protects the world’s most sensitive networks.
It just got a lot weaker:
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
It's important to understand the scope of the attack - it allows full
MITM attackers to discard a certain number of messages from the
beginning of the connection. Not good, and should be fixed, but not world-ending either.
The given example is that the attacker can drop the server's extension
list, so the client will think it doesn't support any extensions. None
of the currently registered extensions seem to be security-critical.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)