Skip links

SSH 0-day exploit rumors

People are going crazy with the SSH 0-day exploit rumors. Some are even considering to switch back to telnet because of that.

Finally, an official voice from Damien Miller of the SSH development team suggesting that it is just FUD and probably not real ( Quoting him:

In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks.

So, I’m not pursuaded that an 0day exists at all. The only evidence so
far are some anonymous rumours and unverifiable intrusion transcripts.

Initial rumors from ISC: