Gert Burger on Mon, 27 Jul 2009 14:07:06 +0200 (SAST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[GLUG-tech] Re: SSH zero-day exploit soon


Damjan Jovanovic wrote:
> On Mon, Jul 27, 2009 at 12:46 PM, Colin Alston<karnaugh@xxxxxxxxxxxxxxx> wrote:
>   
>> On Mon, Jul 27, 2009 at 12:33 PM, Damjan Jovanovic <damjan.jov@xxxxxxxxx>
>> wrote:
>>     
>>> If it's an OpenSSH exploit like they claim, you can protect yourself
>>> just by running a different SSH implementation.
>>>       
>> Such as?
>>
>>     
>
> http://www.javassh.org/space/start - free open source Java client
> http://mina.apache.org/sshd/ - free open source client and server
>
> I like Java for secure applications, its memory safety makes a buffer
> overrun attack impossible.
>   
Java can still suffer from buffer overflows, although they intended it
to be impossible. Most of these overflows usually target the interface
between the Java VM and external libraries, though there have been
reports of internal overflows in some VM implementations.

-- 
To unsubscribe: send the line "unsubscribe glug-tech" in the
subject of a mail to "glug-tech-request@xxxxxxxxxxxx".
Problems? Email "glug-tech-admins@xxxxxxxxxxxx". Archives are at
http://www.linux.org.za/Lists-Archives/
RULES: http://www.linux.org.za/glugrules.html