[unisog] FYI: Debian/Ubuntu SSL/SSH vulnerability, logging issues
fw at deneb.enyo.de
Fri May 23 19:16:41 GMT 2008
* Reed Loden:
> You'd be much better off using Ubuntu's ssh-vulnkey program than the
> dowkd.pl script, as it has a more expansive blacklist, checks more
> things, and has less false positives.
Note that dowkd has not false positives I know of. So far, for each
alleged false positive where I was given a public key, I could provide a
factorization of the RSA modulus.
More information about the unisog