Theo's hole just got a little wider now says: "One remote hole in the default install, in nearly 6 years!"



7 Responses:

  1. trysha says:

    Hmm, they toned it down a bit.

    Earlier this morning it said:

    "one remote root hole in the default install, in nearly 6 years!"

    • anonymous says:

      Are you sure? I can't find any evidence of that


      • trysha says:

        *looks in my zephyr history*

        <12:09:47> jkujawa sp[] The OpenSSH fix is out. 3.4.
        <12:10:36> patricia sp[] *cries*
        <12:12:46> jpayne sp[] At least one major security vulnerability exists in many deployed OpenSSH
        <12:12:47> jpayne sp[] versions (2.9.9 to 3.3).
        <12:13:24> jpayne sp[] what version of ossh did we deploy? 2.9
        <12:18:38> jkujawa sp[] check out the new motto on the
        <12:19:05> patricia sp[] hehe
        <12:19:18> patricia sp[] "one remote root hole in the default install, in nearly 6 years!"

        I didn't retype that, I cut and pasted it from the openbsd website into zephyr, then pasted it from my zephyr logs into this lj.
        Hmm, the capitalization is off too. Not very professional.

        Maybe mozilla's manipulation of the cut and paste buffer is trying to give Theo a bad name!
        Maybe jwz had planned for mozilla to do this from the beginning!
        Maybe I retyped it in, incorrectly, after reading what i wanted to see, and my brain was eaten by zombies so I don't remember!
        Maybe they got "practical joked" for a few minutes and the file was restored from the CVS without ever being checked in.
        Maybe they knew the CVS was public, and edited it too!
        Maybe I'm an internet crackpot trying to stir up trouble!

        Who knows! But hey, it doesn't matter what I say, I'm some random nobody posting in a blog on the interweb :)

        I'm most likely to suspect that brain rot is the cause.

        • saintnobody says:

          ...unless they weren't running the latest version of ssh on their web server, and there's an exploit in the wild.

          think about it: if you had a root exploit against openbsd (and had no moral qualms with using it), what would you do with it? an awful lot of people would be tempted to update that statistic on the web site. :-)

          or it could be Gobbles' root exploit against openbsd apache that did it. maybe they didn't upgrade apache soon enough.

          • eaterofhands says:

            Except that isn't run on OpenBSD. It's run off of a sun server at the University of Alberta. See the FAQ.

            So the security of their public webpage isn't entirely in their hands anyway.

      • jwz says:

        Please to be understanding the meaning of quotation marks.

  2. hepkitten says:

    "___0___ DAYS WITHOUT AND ON-SITE INJURY!" ?????