Serious Security Hole In PuTTY

Tim 'gk^' Nilimaa writes "A serious security hole has been found in PuTY, version 0.54 and before. Simon Tatham and his fellows released PuTTY 0.55 on 2004-08-03 which solves this bug. The bug may allow servers to use PuTTY to act as a machine that you trust, even beforce you verify the hosts key while connecting using SSH2. An attack could be a fact before you know that you have connected to the wrong machine. I (and they) say: upgrade to PuTTY 0.55 - now."

Recent SSH chatter...

[dpilot]

I've heard lately about a lot more SSH chatter showing up than normal. There's been some speculation about an exploit turning up, soon. Perhaps this is it.

Or maybe there's Yet More To Come.

Re:Clarification

[whoisjoe]

Actually, my client machine has been acting kind of weird lately. I think it's plotting against me, trying to turn my family and friends against...hey what are you do-OW!

THERE IS NOTHING TO FEAR. ALL IS WELL. NOTHING TO SEE HERE. PLEASE KEEP MOVING.

Re:Clarification

[dstone]

Well, of course you trust your client machine.

Not if my client machine runs Windows.

You know ...

[Sonic McTails]

I was expecting BrICk 1.0 .... (It's a joke, laugh !)

Re:Clarification

[AuMatar]

I wouldn't do that Dave.