OpenSSH Vulnerability
OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details). Or you can upgrade to OpenSSH 6.4.
A user may bypass restrictions imposed to the users account by exploiting the flaw, but the user needs valid credentials to take advantage of the flaw.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
What Happened to the SANS Ads?
You may have noticed that the "ad" frame we use in the top right corner has been empty for the last couple days. Oddly, we didn't get a lot of complaints about that ;-)
The reason is pretty simple: The SANS ads are included via an iframe. However, iframes, as Smit B. Shah pointed out in an e-mail to the SANS webmaster, can also be used in clickjacking attacks. So we decided to implement a simple anti-clickjacking defense by adding the "X-Frame-Options: SAMEORIGIN" header to all sans.org pages. Of course, "isc.sans.edu" is not "sameorigin" and the ads no longer show up if your browser supports the header.
Yes, there are Javascript tricks to prevent clickjacking, but they are far from reliable. If you still see the ads: You probably should use a newer browser. Of course, we will exempt some pages (like the ads ;-) ) from the header in the future, but for now figured that adding the header is more important then showing ads.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments