It is currently Thu Nov 21, 2024 2:41 am

PuTTY vulnerability update

If you have something technology-related to share and don't feel like cluttering up General Chat, post it here. Anything is fair game and anything highly technical is preferred.

PuTTY vulnerability update

Postby Zancarius » Sun Nov 08, 2015 1:39 pm

http://www.chiark.greenend.org.uk/~sgta ... rflow.html

I know some of you probably use PuTTY. Posting this because it may be of interest.

In short, to become a victim of such an attack, you would need to connect to an a malicious server (or one controlled by an attacker) for this vulnerability to work. However, it's still a good idea to update.

I have no idea if this includes support for ECDSA or ED25519 keys. I'll check when I next boot over to Windows.

Related but not to PuTTY: If you're using public key authentication, you should also consider expiring or phasing out DSA keys due to recent vulnerabilities found in the DSA algorithm. If you're using RSA keys with a minimum strength of 2048, you should be okay. Neither ECDSA nor ED25519 are affected.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male

Return to Technology Lounge

Who is online

Users browsing this forum: No registered users and 2 guests

cron