Roman Danyliw, Chad Dougherty, and John Shaffer. Exploitation of vulnerability in SSH1 CRC-32 compensation attack detector. Incident Note IN-2001-12, CERT, November 2001.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....scalable alternative to deterministic flooding. Currently, security advisories are written for systemadministrators. However, it is a notorious fact that many system administrators are tardy in applying security patches. For example, more than a year after the discovery of the critical CRC32 bug [21], over 30 of the SSH servers still were vulnerable. Reasons that administrators do not update their systems include lack of time, but also fear of breaking existing applications and systems. We believe that a more selective approach like Indra may help keep systems secure even when updates have ....

Roman Danyliw, Chad Dougherty, and John Shaffer. Exploitation of vulnerability in SSH1 CRC-32 compensation attack detector. Incident Note IN-2001-12, CERT, November 2001.

....Currently, security advisories are written for systemadministrators. However, it is a notorious fact that Watchers, Listeners or AccessControllers 4 many system administrators are tardy in applying security patches. For example, more than a year after the discovery of the critical CRC32 bug [21], over 30 of the SSH servers still were vulnerable. Reasons that administrators do not update their systems include lack of time, but also fear of breaking existing applications and systems. We believe that a more selective approach like Indra may help keep systems secure even when updates have ....

Roman Danyliw, Chad Dougherty, and John Shaffer. Exploitation of vulnerability in SSH1 CRC-32 compensation attack detector. Incident Note IN-2001-12, CERT, November 2001.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC