Theo's hole just got a little wider

www.openbsd.org now says: "One remote hole in the default install, in nearly 6 years!"

___0___ DAYS WITHOUT AND ON-SITE INJURY!

7 Responses:

  1. trysha says:

    Hmm, they toned it down a bit.

    Earlier this morning it said:

    "one remote root hole in the default install, in nearly 6 years!"

    • anonymous says:

      Are you sure? I can't find any evidence of that

      -Mitch

      • trysha says:

        *looks in my zephyr history*


        <12:09:47> jkujawa sp[] The OpenSSH fix is out. 3.4.
        <12:10:36> patricia sp[] *cries*
        <12:12:46> jpayne sp[] At least one major security vulnerability exists in many deployed OpenSSH
        <12:12:47> jpayne sp[] versions (2.9.9 to 3.3).
        <12:13:24> jpayne sp[] what version of ossh did we deploy? 2.9
        <12:18:38> jkujawa sp[] check out the new motto on the www.openbsd.org
        <12:19:05> patricia sp[] hehe
        <12:19:18> patricia sp[] "one remote root hole in the default install, in nearly 6 years!"

        I didn't retype that, I cut and pasted it from the openbsd website into zephyr, then pasted it from my zephyr logs into this lj.
        Hmm, the capitalization is off too. Not very professional.

        Maybe mozilla's manipulation of the cut and paste buffer is trying to give Theo a bad name!
        Maybe jwz had planned for mozilla to do this from the beginning!
        Maybe I retyped it in, incorrectly, after reading what I wanted to see, and my brain was eaten by zombies so I don't remember!
        Maybe they got "practical joked" for a few minutes and the file was restored from the CVS without ever being checked in.
        Maybe they knew the CVS was public, and edited it too!
        Maybe I'm an internet crackpot trying to stir up trouble!

        Who knows! But hey, it doesn't matter what I say, I'm some random nobody posting in a blog on the interweb :)

        I'm most likely to suspect that brain rot is the cause.

        • saintnobody says:

          ...unless they weren't running the latest version of ssh on their web server, and there's an exploit in the wild.

          think about it: if you had a root exploit against openbsd (and had no moral qualms with using it), what would you do with it? an awful lot of people would be tempted to update that statistic on the web site. :-)

          or it could be Gobbles' root exploit against openbsd apache that did it. maybe they didn't upgrade apache soon enough.

          • eaterofhands says:

            Except that OpenBSD.org isn't run on OpenBSD. It's run off of a Sun server at the University of Alberta. See the FAQ.

            So the security of their public webpage isn't entirely in their hands anyway.

      • jwz says:

        Please to be understanding the meaning of quotation marks.

  2. hepkitten says:

    "___0___ DAYS WITHOUT AND ON-SITE INJURY!" ?????