Cafe Bucky

Got OpenSSH on your Linux box?

Upgrade time: new ssh expoit?

Didn’t I go through this fire drill earlier this year? Yep …

Since I run my own box at a colo, I’m sort of forced to pay attention to Linux security issues. On the one hand, I’m glad that we’re past the ftp and telnet days, and have reasonable “more secure” alternatives. On the other, you would think we’d have some pretty solid code by now. In this case, I couldn’t find an automatic upgrade package (because it was too early for there to be one). I trot off, find the source, dutifully compile and install, and feel a small sigh of relief: “well, patched that one!”. Followed by “what next?”.

I can’t imagine being serious about running some sort of Microsoft server. How many massive security bugs do admins of that junk contend with every single month? The times where I feel compelled to jump on to my server and fix things are few and far between.

But still, it does get old. I’ve been upgrading software for, what … 20 years or so now? Geez, that’s a lot. I don’t mind if it’s some sort of application. It’s always the OS/Security stuff that gets me. I roll my eyes and think “c’mon, get it right already!”. I tossed in a photo of the Other Cat, a Burmese named Valentine. Think he cares about this security stuff? Heck no! He just wants to sit on the monitor, veg out, and make sure I keep Groove Salad going. What a bum.

Getting back to the solid code issue: it’s not that simple, of course. So I raise an Ale in the general direction of the White Hats that fix things and get alerts out there for us ServerAdmins to act on. I know it’s hard to nail down everything because the problem is fundamentally Difficult.

Well, that made for an exciting morning. Now where the fark was I? (that’s the thing about these security alerts - they are the railyard switch in your morning. “you WILL take this track right now!”)

Date: Tuesday, September 16th, 2003 at 12:35 pm | Category: Linux | RSS Feed: RSS 2.0 feed.

Both comments and pings are currently closed.