This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.
If you have comments on this blog posting, please email me .
The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.
Click here to see the whole Opinion Blog.
To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").
Posted on 28th December 2023 |
Show only this post Show all posts in this thread (Cybersecurity). |
|
This report by Ars Technica should worry everyone. It describes a new vulnerability of SSH. SSH, or Secure Shell Protocol, was invented in 1995, and provides secure access to remote computers. It provides not only command-line remote access, but also remote graphical applications (where the program runs on the remote computer and any windows that it opens appear on the local computer) using a feature called X11 forwarding. This may seem rather esoteric to some readers, but it is the basis of the administration of remote computer systems like web-servers and cloud servers. It is very powerful and easy to use, and until now has been considered impregnably secure. Now, however, it has been found to be vulnerable to a so-called "man in the middle" attack. We should expect a series of system penetration events, resulting in hackers gaining access to Internet-connected systems and stealing valuable data, ransomware attacks and the like. Luckily, I do not use SSH to access my servers while away from home. Instead, I have written some tools which allow me to do most of the system administration by other methods. | |