Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...

OpenSSH on Friday dropped a patch for a vulnerability that could expose files to theft and manipulation. The flaw affects all versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled, the OpenSSH project said in its advisory. Unpatched versions of OpenSSH don’t properly sanitize input and can be abused to inject commands to xauth. “Injection...

Mike Mimoso and Chris Brook discuss the week in news, including a critical flaw patched by OpenSSH, the curious tale behind a Silverlight zero day, and how to turn a hacked webcam into a backdoor. Download: news_wrap_01-08-16.mp3 Music by Chris Gonsalves

OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in separate advisories. Qualys’ security...