Re: SFTP question

To: debian-user@lists.debian.org
Subject: Re: SFTP question
From: Jerry Stuckle <stucklejerry@gmail.com>
Date: Thu, 25 Dec 2014 21:19:49 -0500
Message-id: <[🔎] 549CC5C5.4000005@gmail.com>
In-reply-to: <[🔎] 20141225162314.GB5215@x101h>
References: <[🔎] 20141223125228.GA24853@fever.havannah.local> <[🔎] 20141223153258978953850.NoCcsPlease@bob.proulx.com> <[🔎] 20141224070154.GB30814@fever.havannah.local> <[🔎] 549AE75C.6080505@gmail.com> <[🔎] 20141225135452.GA9301@tagesuhu-pc.batista.in> <[🔎] 549C2AB3.6070406@gmail.com> <[🔎] 20141225162314.GB5215@x101h>

On 12/25/2014 11:23 AM, Reco wrote:
>  Hi.
> 
> On Thu, Dec 25, 2014 at 10:18:11AM -0500, Jerry Stuckle wrote:
>> On 12/25/2014 8:54 AM, Andre N Batista wrote:
>>> On Wed, Dec 24, 2014 at 11:18:36AM -0500, Jerry Stuckle wrote:
>>>> On 12/24/2014 2:01 AM, Danny wrote:
>>>>> Hi Bob,
>>>>>
>>>>> You were right, SFTP, FileZilla and Proftp confused the hell out of me ... lol
>>>>> ... I must add in my defense though that I was in a state of panic after syslog
>>>>> warned me of an attack by someone during the night via ssh ... So I frantically tried to
>>>>> make ssh and Proftp work together without reading the online guides properly ...
>>>>>
>>>>> Sometimes one does stupid things ... lol ...
>>>>>
>>>>> Thanks for everyone's input ...
>>>>>
>>>>> Danny
>>>>>
>>>>
>>>> Danny,
>>>>
>>>> As a side note - don't panic over SSH attacks.  Instead, use the right
>>>> tools and techniques to secure your systems and let them do their jobs.
>>>>  Monitor the server to ensure you didn't leave any holes.
>>>>
>>>> For instance, Fail2ban blocked over 100 IP's from accessing one of my
>>>> servers on yesterday alone.  The attacks keep coming, but none have ever
>>>> succeeded.
>>>
>>> Not surprisingly, I mostly agree with the advice given here, we all
>>> learnt from the same sources.
>>>
>>> Nonetheless, since you claimed to be using puTTy for your ssh needs on
>>> windows, I should warn you that recently someone claimed to be able to
>>> use it as a means to compromise a ssh server:
>>>
>>> http://seclists.org/fulldisclosure/2014/Dec/42
>>>
>>> I have not put it's claims to test, but since the last stable version of
>>> putty dates back one year
>>>
>>> http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
>>>
>>> and since there seems to be no mention of this bug on putty bug tracking
>>> system
>>>
>>> http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
>>>
>>> I guess you should deploy it at large, at least until it has been fixed.
>>>
>>> Good luck!
>>>
>>
>> It's possible to corrupt ANY program if you replace a .dll or .so with
>> your own code.
> 
> Indeed. But the program which can be tricked to use your own library
> instead of a system one - is called vulnerable usually. I don't mean
> LD_PRELOAD or LD_LIBRARY_PATH tricks but something akin to a braindead
> Windows behavior (which looks for libraries in a current dir first).
> 
> Reco
> 
> 

ANY program is vulnerable if care isn't taken to ensure a download
contains the right files.  That's why there are checksums.

So according to your definition, any program - including the kernel - is
vulnerable to such an attack, and should be classified as such.  This is
true for ANY operating system - not just Windows or Linux.

Jerry

Reply to:

Follow-Ups:
- Re: SFTP question
  - From: Reco <recoverym4n@gmail.com>

References:
- SFTP question
  - From: Danny <dannydebont@gmail.com>
- Re: SFTP question
  - From: Bob Proulx <bob@proulx.com>
- Re: SFTP question
  - From: Danny <mynixmail@gmail.com>
- Re: SFTP question
  - From: Jerry Stuckle <stucklejerry@gmail.com>
- Re: SFTP question
  - From: Andre N Batista <andrenbatista@gmail.com>
- Re: SFTP question
  - From: Jerry Stuckle <stucklejerry@gmail.com>
- Re: SFTP question
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: Debian Jessie / Flash plugin / Version: 11.2.202.425
Next by Date: Re: SFTP question
Previous by thread: Re: SFTP question
Next by thread: Re: SFTP question
Index(es):
- Date
- Thread