Active Topics
-
Error after installing Leste on sdcard (18)
to Maemo 7 / Leste by Maemish - 4 hrs, 52 mins ago -
Maemo 20th Anniversary (4)
to Brainstorm by teroyk - 1 day, 23 hrs ago -
Nokia Booklet 3G (RX-75) Drivers (64)
to Alternatives by teroyk - 2 days ago -
Porting apps to Leste (46)
to Maemo 7 / Leste by teroyk - 4 days, 3 hrs ago - more...
|
2008-05-13
, 19:33
|
|
Posts: 5,335 |
Thanked: 8,187 times |
Joined on Mar 2007
@ Pennsylvania, USA
|
#2
|
Well, they might be affected...
 |
|
2008-05-13
, 20:17
|
|
Posts: 670 |
Thanked: 359 times |
Joined on May 2007
|
#3
|
Quoting myself (http://www.internettablettalk.com/fo...&postcount=413) and Bundyo (http://www.internettablettalk.com/fo...&postcount=414) from elsewhere:
Originally Posted by fnordianslip
The chinook openssl package seems to be from an earlier version (0.97e-4) than that (0.9.8c-1) affected by the bug (http://article.gmane.org/gmane.linux....announce/1614), but I'm not entirely sure, as I haven't seen the source. fnord.
Originally Posted by Bundyo
So, YMMV.
Yes, Diablo's libssl and libcrypto are versioned 0.9.8
__________________
Class .. : Lame hacker & beardy boffin
Humour . : [#######---] Alignment: Apathetic anarchist
Patience : [####------] Weapon(s): My cat, my code.
Agro ... : |#---------] Relic(s) : N900, MacBookPro, NSLU2, N800, SheevaPlug, Eee-901, Core2-Quad, PS3
"In theory, theory and practice are the same. In practice, they're not."
--
Beware of extras-devel.
Class .. : Lame hacker & beardy boffin
Humour . : [#######---] Alignment: Apathetic anarchist
Patience : [####------] Weapon(s): My cat, my code.
Agro ... : |#---------] Relic(s) : N900, MacBookPro, NSLU2, N800, SheevaPlug, Eee-901, Core2-Quad, PS3
"In theory, theory and practice are the same. In practice, they're not."
--
Beware of extras-devel.
|
|
2008-05-13
, 20:19
|
|
Posts: 100 |
Thanked: 6 times |
Joined on Jul 2007
|
#4
|
quick question....if i wanna do remote desktop over the web from n800 to pc....is it essential to use open SSH to maximize security?? would you guys recommend it?...
Thanx!
Thanx!
 |
|
2008-05-13
, 20:54
|
|
Posts: 201 |
Thanked: 88 times |
Joined on Aug 2007
@ San Francisco, CA
|
#5
|
Thanks! I must have misread the version number; that explains why the server keys were good. What a good thing.
Jackass124: I would, especially if you are going to be entering in passwords and so on. Unlike VNC, remote desktop does have encryption, but all versions prior to 6 are vulnerable to a man in the middle attack, and I am not sure if using the rdesktop client makes you immune.
Jackass124: I would, especially if you are going to be entering in passwords and so on. Unlike VNC, remote desktop does have encryption, but all versions prior to 6 are vulnerable to a man in the middle attack, and I am not sure if using the rdesktop client makes you immune.
|
|
2008-05-13
, 21:28
|
|
Posts: 670 |
Thanked: 359 times |
Joined on May 2007
|
#6
|
jackass124: if you're running Windows on the PC then I'd use WinSCP and/or Putty to access the N800. I don't know if there's an easy way to do it the other way round - I suppose you'd have to use Samba. WinSCP and Putty use SSH and are as secure as it gets (unless you're running Debian/Ubuntu i suppose). Besides, with SSH you get a choice of crypto algorithms, SCP and SFTP for file transfers, and the ability to create tunnels or secure SOCKS proxies. All good stuff really.
__________________
Class .. : Lame hacker & beardy boffin
Humour . : [#######---] Alignment: Apathetic anarchist
Patience : [####------] Weapon(s): My cat, my code.
Agro ... : |#---------] Relic(s) : N900, MacBookPro, NSLU2, N800, SheevaPlug, Eee-901, Core2-Quad, PS3
"In theory, theory and practice are the same. In practice, they're not."
--
Beware of extras-devel.
Class .. : Lame hacker & beardy boffin
Humour . : [#######---] Alignment: Apathetic anarchist
Patience : [####------] Weapon(s): My cat, my code.
Agro ... : |#---------] Relic(s) : N900, MacBookPro, NSLU2, N800, SheevaPlug, Eee-901, Core2-Quad, PS3
"In theory, theory and practice are the same. In practice, they're not."
--
Beware of extras-devel.
http://lists.debian.org/debian-secur.../msg00152.html
I thought my tablet would be effected as well, as the version of OpenSSH shipped is high enough to have been vulnerable, but when I ran its server keys through the ssh-vulnkey tool, they came out as okay. The public keys I replaced as a matter of course.
Is the IT version of OpenSSH not based on debian's?