Re: Sniffing SSH and HTTPS

To: debian-security@lists.debian.org
Subject: Re: Sniffing SSH and HTTPS
From: Ethan Benson <erbenson@alaska.net>
Date: Tue, 28 Aug 2001 15:52:03 -0800
Message-id: <[🔎] 20010828155203.I28241@plato.local.lan>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 15243.51851.718803.248331@info.unicaen.fr>; from davy@info.unicaen.fr on Tue, Aug 28, 2001 at 06:44:59PM +0200
References: <[🔎] 20010828181212.D6780@billgotchy.de> <[🔎] 15243.51851.718803.248331@info.unicaen.fr>

On Tue, Aug 28, 2001 at 06:44:59PM +0200, Davy Gigan wrote:
> Jan-Hendrik Palic writes:
>  > http://ettercap.sourceforge.net/
>  > 
>  > Is it possible? Are SSH und HTTPS connections unsecure and how do we
>  > make is secure than?
> 
> old ssh protocol v1.5 IS a security hole, you can snif it. I don't know any vulnerability
> for the last OpenSSH_2.9p2 or OpenSSH_2.5.2p2 (which is last in debian security's updates)

wrong, the latest ssh in debian's security updates (thus for potato)
is Version: 1:1.2.3-9.3

the latest in unstable is 2.9p2, testing (woody) has 2.5.2p2, these
are unreleased versions of debian though.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpFI6dZohMTc.pgp
Description: PGP signature

Reply to:

References:
- Sniffing SSH and HTTPS
  - From: Jan-Hendrik Palic <jan.palic@linux-debian.de>
- Re: Sniffing SSH and HTTPS
  - From: Davy Gigan <davy@info.unicaen.fr>

Prev by Date: Re: [ OT ] local packages vs official packages
Next by Date: Re: Sniffing SSH and HTTPS
Previous by thread: Re: Sniffing SSH and HTTPS
Next by thread: Re: Sniffing SSH and HTTPS
Index(es):
- Date
- Thread