SSH
SSH
In computing, Secure Shell or SSH is both a computer program and an associated network protocol designed for logging into and executing commands on a networked computer. The designers of SSH aimed to replace the earlier rlogin, TELNET and rsh protocols, and the resultant protocol provides secure encrypted communications between two untrusted hosts over an insecure network. Users of SSH can also use it for tunneling, forwarding arbitrary TCP ports and X11 connections over the resultant secure channel; and can transfer files using the associated SFTP or SCP protocols. An ssh server, by default, listens on the standard TCP port 22.
Definitions provided by Wikipedia - The Free Encyclopedia
SSH Related Products
The Blue Coat ProxySG 210 provides an affordable appliance solution for remote offices where direct Internet access requires accelerated performance of business applications and granular control of web communications. At the edge of an organization’s application delivery infrastructure, the ProxySG 210 provides controlled acceleration of business applications across the globally-distributed enterprise.
More information
SSH Related Industry News
BT says: Protect your network from professional hackers It's not just the warchalkers you need to worry about... BT Openworld has this week thrown its weight behind the fight against 'Warchalking' - the practice of scrawling chalk marks on the outside of buildings with Wi-Fi networks to encourage passers by to surf on companies' unprotected bandwidth.
However, the UK ISP has warned that it's not just bandwidth pirates you need to worry about. Warchalkers have also drawn attention to the very......
[more] Mobility at the cost of security? The ability to log on to the Internet in a cafe or on a train has obvious benefits for workers on the road - but just how secure is it? The mass media has had a lot of fun with wireless security: war driving, virus insertion and bandwidth stealing have all had their day in the sun. Public hot spots are more vulnerable to attack than private networks, where individual users can have their hardware authenticated as permanent network members. This means when you lo......
[more] Execs Must Back Security Compliance Executives need to be proactive to bring their organizations into compliance. What do eating Big Macs, smoking tobacco products and driving while drunk have in common? They can kill you. But that doesn't stop millions of people from engaging in these activities anyway.
Despite warnings, people simply don't listen.
When it comes to information security, corporate executives are the same. Many CEOs, for example, are not the least bit risk-averse. They d......
[more] The Wi-Fi explosion: a virus writer's dream With the consumer Wi-Fi explosion, launching a virus into the wild has never been easier and more anonymous than it is today. Like a sneeze in a crowded subway, it's hard to find the human source of the latest viral infection. On the Internet it's not much different. The people who write these nasty little programs and release them into the wild almost never get caught. Why? The answer is easy, but it's also a sort of technical nemesis: there's simply......
[more] CyberGuard Provides Ten Tips for Corporations to Protect Customer Information from Identity Theft In the wake of the increasing cases of identity theft, Paul Henry, a leading security industry expert and Senior Vice President with CyberGuard Corporation, has developed ten recommended tips for corporate IT managers and Security Officers to protect customer information from identity theft. Mr. Henry has served as an expert commentator for a variety of media outlets, including NBC Nightly News, CN......
[more] Novell server under attack A company server at Novell, apparently used by employees for gaming purposes, has been hacked to scan for vulnerable ports on potentially millions of computers worldwide.
Chris Brandon, president of Brandon Internet Security, reported the problem to Novell. He said he had been first alerted to the hack when a client reported scanning activity several days ago.
The scans, which have been going on since 21 September use Port 22 - the default port for Secure Shell (SSH......
[more] Political hackers deface Novell SUSE sites Three Novell OpenSUSE community web site were defaced on Sunday by politically motivated hackers. Defacement archive Zone-H reports that a group called IHS Iran Hackers Sabotage broke into OpenSUSE.org, wiki.novell.com and forge.novell.com to post a message stating that it was Iran's right to develop nuclear power. All three sites were defaced in the same way (archive here).
OpenSUSE.org and forge.novell.com have since been restored to normal operatio......
[more] AppGate Launches MindTerm version 3.1, with many new features and faster operation AppGate today announced the launch of an upgrade to its highly popular Java-based SSH, secure remote access client, MindTerm. MindTerm is the most commercially used Java-based SSH client in the world. MindTerm is used by some of the world's leading manufacturers of communication equipment, integrating it into their products to provide secure encrypted communication. It is also available in a freeware version for......
[more] Cisco plugs VoIP malware loophole Cisco rushed out a brace of security on Thursday to defend against potentially dangerous exploits via its VoIP kit, including the possibility of malicious code being injected into vulnerable networks. The twin advisories from the network giant cover a range of vulnerabilities in Cisco IP Phones and its Unified Communications Manager (UCM) call management software.A range of Cisco 7900 Series IP Phones are subject to multiple flaws, some of which may lend themse......
[more] 5 ways insiders exploit your network Cox Communications employee William Bryant recently pleaded guilty to information technology sabotage, having caused the loss of computer, telecommunications and emergency 911 services for thousands of Cox's business and residential customers throughout Dallas, Las Vegas, New Orleans and Baton Rouge. Bryant faces a 10-year jail sentence and a $250,000 fine, but the future is less certain for Cox. Although services were fully restored, the incident's effect on......
[more] Brute-force SSH attacks surge An incident handler from SANS' Internet Storm Center has warned businesses to ensure their servers are secure as SSH attacks rose five-fold early this week. The SANS Internet Storm Center has warned businesses of rising numbers of brute-force SSH attacks. An SSH attack is a type of dictionary attack which aims to guess secure shell client usernames and passwords.Writing in the ISC's website diary, incident handler Scott Fendley warned security professionals to be a......
[more] Researcher: Debian cryptography may be flawed A security researcher has warned that cryptographic keys generated in the last year and a half using Debian OpenSSL may be invalid. HD Moore, director of research for network-security company BreakingPoint Systems, posted details of the compromise on Metasploit.com on Wednesday.According to Moore, a bug in a Debian OpenSSL package was created in 2006 by the removal of a piece of code, which was taken out to stop the Valgrind and Purify security tool......
[more] After Debian's epic SSL blunder, a world of hurt for security pros It's been more than a week since Debian patched a massive security hole in the library the operating system uses to create cryptographic keys for securing email, websites and administrative servers. Now the hard work begins, as legions of admins are saddled with the odious task of regenerating keys too numerous for anyone to estimate. The flaw in Debian's random number generator means that OpenSSL keys generated over the past 20......
[more] Corporations riddled with security holes Poor corporate IT security is leaving businesses vulnerable - with almost 90 per cent of breaches found to have been preventable. A trio of studies have painted a damning picture of business security, with online vulnerabilities rising as companies and authorities fail to apply patches, update antivirus software and leave firewalls disabled. Vulnerabilities on UK company and public sector networks grew from 19 last year to 21 this year according......
[more] Hacked iPhone 3G causes security concerns Reports have emerged today that a Brazilian company has unlocked Apple’s much-hyped iPhone 3G ending the requirement to connect the device to exclusive carriers. And, the iPhone Dev Team has claimed it is close to a full software jailbreak, a technique that bypasses digital rights management (DRM) on the device. Less than a week after the iPhone’s release, the news may excite users in Brazil, China and Malaysia who were left off Apple’s supp......
[more] OpenSSH chink bares encrypted data packets Cryptographers are urging users of a widely employed network protocol to make sure they're running the latest version after discovering a flaw that could allow attackers to read data that's supposed to remain encrypted. All programs that incorporate the OpenSSH implementation of SSH, short for Secure Shell, should make sure they use version 5.2, which provides several countermeasures to prevent the attacks. Other SSH implementations may be vulnerable a......
[more] The 10 dumbest mistakes network managers make When you look at the worst corporate security breaches, it's clear that network managers keep making the same mistakes over and over again, and that many of these mistakes are easy to avoid. In 2008, Verizon Business analyzed 90 security breaches that represented 285 million compromised records. Most of these headline-grabbing incidents involved organized crime finding an unprotected opening into a network and using it to steal credit card data, Soc......
[more] OpenSSH flaw is a hoax warn researchers Security researchers have warned that a reported flaw in OpenSSH (Secure Shell) is a probable hoax. Earlier this week, SANS received an anonymous email claiming of a zero-day vulnerability in OpenSSH, which means a flaw in the software is already being exploited as it becomes public. OpenSSH (Secure Shell), is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files. OpenSSH is the open-source......
[more] Security elite pwned on Black Hat eve On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have obtained more than four years' worth of data from Kaminsky, and as proof, it offered a smattering of emails, instant messages, and other......
[more] First iPhone worm spreads Rick Astley wallpaper The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia. However, the worm, known as Ikee, is only a threat to users who have jaibroken their phones to let them run unauthorized software, security experts say. In fact, Ikee doesn't do anything particularly bad -- it changes the victim's wallpaper to a photograph of 80s singer Rick Astley and then seeks out other phones to infect -- but it could be modified......
[more] First malicious iPhone worm slithers into wild A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet. The worm, according to XS4ALL, targets jailbroken iPhones whose owners have carelessly failed to change the default password. In addition to connecting to a Lithuanian master command channel, it also changes the root password for the device, making it harder for owners trying to regain control. Infected iPhones are......
[more] Researcher says iPhone data model could lead to malware If you're feeling whiplash over the state of iPhone security, you're in good company. Last month, the first iPhone worms were reported, which either rickrolled your iPhone with a background picture of Mr. Astley, or did far worse things to your software and data. But the only people who were vulnerable were people who had jailbroken their phones, turned on SSH services, and neglected to change their root password. And we all know that peo......
[more] How to protect against Firesheep attacks Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users' access to Facebook, Twitter and other popular services via Wi-Fi. Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site. A simple double-click gives a hacker instant access to logged-on sites rangin......
[more] Top five most serious internet security holes Businesses can leave themselves vulnerable to date theft and other online threats; particularly as security and IT budgets are under pressure as businesses look to save money. Although money is tight, it is important companies stay protected online, as on average, the total cost of security breaches including lost business in the UK last year was $2,565,702 (US dollars). Data theft and other online threats presently represent a significant danger for......
[more] After attack, SourceForge speeds move to new security model The open-source software development site SourceForge is speeding up its move to a new a security model following a targeted attack that may have compromised the passwords of its large user base. SourceForge, which hosts more than 260,000 projects, discovered the attack last Wednesday. It believes the attack was aimed at capturing passwords. "Our analysis uncovered (among other things) a hacked SSH daemon, which was modified to do......
[more] IPhone attack reveals passwords in six minutes Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen, said the researchers at the state-sponsored Fraunhofer Institute Sec......
[more] New Palo Alto software enforces security policies on all corporate laptops Palo Alto Networks is coming out with software that extends its next-generation firewall protection to individual laptops no matter where they are when they tap into business networks. Called Global Protect, the software agent sets up an SSL session over the Internet to the nearest corporate Palo Alto security gateway, which enforces the security policies that have been set up for that particular user and device. The com......
[more] The encryption keys used to secure data have become the keys to the kingdom Back in the mid 70s, the use of encryption in enterprises was pretty much unheard of. Soon companies started to introduce some encryption in limited instances, such as encoders on communication lines to encrypt financial transactions. A major breakthrough in the 90s saw the rapid expansion of the use of encryption with the arrival of asymmetric key encryption. And asymmetric encryption gave birth to two technologies that......
[more]
