[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Alternative to openssl/openssh
Are there any secure alternatives to openssl/openssh?
It is no fun to patch these stuff almost every day or week or better said
the last time too often!
There is LSH, but it has issues as well. I dont think that openssl and
openssh are in a bad state (quality of code wise). IMHO the multiple
vulnerabilities that have been discovered the last weeks, are the result
of code reviews.
Its the nature of the beast, code will have bugs. Software will have
security issues. Changing to another, less used and thus less reviewed
software will not do much for you (e.g. LSH had a root exploit floating
around, and since a few people changed over to it after the OpenSSH
fiasco of the last weeks, expect another couple of vulns./exploits the
next weeks). IMHO the better way is to focus on installing / configuring
the software in a secure way, to make standard exploiting harder, saving
you time (e.g chrooting, using things like lids or RSBAC). On "special"
systems you might use security by obscurity (e.g. SSH port only opens up
after connection requests to a certain number/sequence of ports), but
creating these kind of things might impose new security threats.
this is a maillist account, so please
send personal replies to tom[at-sign-here]wiretap[little-dot-here]de
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here