[CLUE-Tech] sshd question

Kevin Cullis kevincu at orci.com
Sat Aug 16 11:37:40 MDT 2003


On Mon, 2003-08-11 at 09:50, David Anselmi wrote:
> > Panic.
> 
> That's the first thing I always do. ;-)
> 

Yep, I did too, and am still worried until I understand it better.

> [...]
> > Trust me, you *don't* want to support Protocol 1.  At all.
> 
> Strong words without a complete risk analysis.  Can you explain what an 
> attacker would have to do to exploit the version 1 protocol, so Kevin 
> can make an informed decision about using it?
> 

This is by far one of the best answers I've seen, Dave!! Thanks. 

> > My point was that this sort of fuzzy thinking doesn't belong on this
> > list.  Some people on here are not security experts and will take
> > what you say as gospel.

You made a VERY valid point.  Some of us will never reach some of the
level of expertise as those on this list; if we did, we'd all have or
fight for the same job.  To help those with this, maybe a couple of
hints as to what to do next time us "untechies" ask a question:

1. Where are they in their search for answers?
2. Where are they going in their search for answers?
3. Give them a few sources to consider for those that want to learn
"What's Next" to solve their problem, i.e. they have some talent/time to
figure it out for themselves.
4. If they won't do it (no time), charge them to help them if you're so
inclined, or get at least a letter of reference if you do it for free.
5. If they can't do it (no time, no talent), charge them and ask for a
job!!  :-)

Kevin


