VNU Net: Researchers develop SSH cracker

"Researchers at the University of California at Berkeley have discovered more vulnerabilities in Secure Shell (SSH) which allow an attacker to learn significant information about what data is being transferred in SSH sessions, including passwords.

SSH was designed as a secure channel between two machines, based on strong encryption and authentication. But by observing the rhythm of keystrokes, and using advanced statistical techniques on timing information collected, attackers can pick up significant details.

Each keystroke from a user is immediately sent to the target machine as a separate IP packet. By performing a statistical study on a user's typing patterns, and applying a key sequence prediction algorithm, the researchers managed to successfully predict key sequences from inter-keystroke timings."

Complete Story

Related Stories:

• FreeBSDZine.org: SMTP over an SSH Tunnel(May 20, 2001)
• LinuxSecurity: Encrypted Tunnels using SSH and MindTerm(May 19, 2001)
• ITWorld.com: Make SSH do more(Apr 15, 2001)
• SSH Communications Security announces SSH 3.0(Apr 09, 2001)
• NetworkWorldFusion: SSH inventor denied trademark request (Mar 22, 2001)
• Linux Gazette: ssh suite: Sftp, scp and ssh-agent(Mar 11, 2001)
• Tatu Ylonen (of SSH Communications Security Corp.): ssh(R) trademark issues: comments and proposal(Feb 16, 2001)
• LinuxNews.pl: SSH bug(Feb 10, 2001)
• PlanetIT: OpenSSH 2.3 And SSH Secure Shell 2.4(Jan 14, 2001)
• O'Reilly.com: dsniff and SSH - Reports of My Demise are Greatly Exaggerated(Dec 24, 2000)
• MandrakeUser.org: SSH provides encrypted and authenticated network connections. [Tutorial](Jul 14, 2000)
• DevShed: The Shell Game [Using SSH To Secure Your Connections](May 31, 2000)