
Serious Security Hole In PuTTY

Tim 'gk^' Nilimaa writes "A serious security hole has been found in PuTTY, version 0.54 and before. Simon Tatham and his fellows released PuTTY 0.55 on 2004-08-03 which solves this bug. The bug may allow servers to use PuTTY to act as a machine that you trust, even before you verify the host's key while connecting using SSH2. An attack could be a fact before you know that you have connected to the wrong machine. I (and they) say: upgrade to PuTTY 0.55 - now."
This discussion has been archived. No new comments can be posted.

  • PuTTY tip (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 04, 2004 @08:40AM (#9877795)
    Not really related to this particular story, but related to recent versions of PuTTY. If using SSH, you can set up dynamic port forwarding which actually works as a SOCKS5 proxy which can be used by many applications. This means secure email, secure web browsing, secure whatever, wherever you are as long as you have access to SSH.
  • by Anonymous Coward on Wednesday August 04, 2004 @12:19PM (#9879919)
    Why is it that PuTTY is a production quality app and its version number is still < 1? Shouldn't we be at a 1.x release by now?
  • Why not front page? (Score:4, Interesting)

    by gmhowell ( 26755 ) <gmhowell@gmail.com> on Wednesday August 04, 2004 @12:49PM (#9880248) Homepage Journal
    Why isn't this on the front page? Oh, right, let's bury news of problems with cool programs, but a minor issue (solved six months ago) in a Microsoft program gets front page mission.

    Keep up the good work Rob. Hey, where are the 503's today? It hardly seems like the dot without them.

    Yeah, yeah, -1, flamebait -1 troll. Who gives a crap? Not Rob or OSDTNVHPR
  • by Richard_at_work ( 517087 ) on Wednesday August 04, 2004 @03:39PM (#9881994)

    so it's always assuring that the devs have a quick turn around on fixes (especially with free software), that kind of dedication is appreciated

    Not meaning to be nasty to the putty team, but there's no verifiable date of discovery of this bug, and the last release was 2003. This bug could have been known to the team 6 months ago, and only fixed now :).

  • Re:Seriously though (Score:3, Interesting)

    by gregfortune ( 313889 ) on Wednesday August 04, 2004 @03:45PM (#9882047)
    What I usually do if I don't know for sure is feed the host a batch of incorrect passwords... If one of them lets me in, the host is certainly a fake. If my fake passwords fail, then I send the correct password and if it *doesn't* let me in, I know my password has been compromised. Not perfect, but admins killing off their keys when they rebuild a machine is pretty lame too.
