Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: On why debugging OpenSSH can be so hard

from [Tonnerre Lombard] Network Security [Permanent Link]
Subject: Re: On why debugging OpenSSH can be so hard
Date: Fri, 4 Jul 2008 08:57:41 +0200 
Salut, Maurice,

On Tue, 1 Jul 2008 16:02:46 -0400, Maurice Volaski wrote:

It turns out it was intentionally presenting me with misinformation. 
You see, there was no key file present where it was looking. I 
thought it was looking in one place, but it was actually looking in 
another.

Fail quietly, indeed! It's not simply doing this under ordinary 
operation, but even in debug operation, even under debug level 3. In 
the perfect place where it can tell us quite informatively what's 
about to go wrong--there is nothing!

So in case you're wondering why debugging OpenSSH can be so hard, now
you know.


Please bear in mind that in the world of cryptography, the difference
between proper error messages and information disclosure
vulnerabilities is narrow, or only a nuance.

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33            Güterstrasse 86
Fax:+41 61 383 14 67            4053 Basel
Web:www.sygroup.ch              tonnerre.lombard@sygroup.ch

Attachment: signature.asc
Description: PGP signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Enforce Passphrase on keys, Robert Hajime Lanning
Next by Date:  Help with "Go away, you don't exist" error message, David Barker-Plummer
Previous by Thread:  On why debugging OpenSSH can be so hard, Maurice Volaski
Next by Thread:  Re: On why debugging OpenSSH can be so hard, Maurice Volaski
Indexes:  [Date] [Thread] [Top] [All Lists]