SSH News, Articles and Updates

Stack-based buffer overflow bug found in glibc

A popular open-source C library used by thousands of unix-like machines which defines the "system calls" is vulnerable to buffer-overflow attacks.

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Nine percent of HTTPS hosts on the web "share the same private keys"

Stefan Viehböck, senior security consultant at SEC Consult, examined 4000 devices from 70 vendors and found widespread reuse of private keys.

SSH inventor proposes best practice guidance in face of poor deployment and management of keys

Management of secure shell (SSH) keys has become such a problem for businesses, that some spend ten per cent of their working time on remediation of them.

SSH Communications Security to release free assessment tool

SSH Communications Security has announced a free tool to scan and assess networks to provide a report on risk and compliance exposures in secure shell (SSH) environments.

Attacks on businesses could cost £260 million due to certificate and key issues

Businesses do not get the concept of certificate management and there is a lack of trust between users, according to Venafi.