VNU Net: Researchers develop SSH cracker

Aug 23, 2001, 08:01 (11 Talkback[s])
(Other stories by James Middleton)

"Researchers at the University of California at Berkeley have discovered more vulnerabilities in Secure Shell (SSH) which allow an attacker to learn significant information about what data is being transferred in SSH sessions, including passwords.

SSH was designed as a secure channel between two machines, based on strong encryption and authentication. But by observing the rhythm of keystrokes, and using advanced statistical techniques on timing information collected, attackers can pick up significant details.

Each keystroke from a user is immediately sent to the target machine as a separate IP packet. By performing a statistical study on a user's typing patterns, and applying a key sequence prediction algorithm, the researchers managed to successfully predict key sequences from inter-keystroke timings."

Complete Story

Related Stories:

• FreeBSDZine.org: SMTP over an SSH Tunnel(May 21, 2001)
• LinuxSecurity: Encrypted Tunnels using SSH and MindTerm(May 19, 2001)
• ITWorld.com: Make SSH do more(Apr 15, 2001)
• SSH Communications Security announces SSH 3.0(Apr 10, 2001)
• NetworkWorldFusion: SSH inventor denied trademark request (Mar 22, 2001)
• Linux Gazette: ssh suite: Sftp, scp and ssh-agent(Mar 12, 2001)
• Tatu Ylonen (of SSH Communications Security Corp.): ssh(R) trademark issues: comments and proposal(Feb 17, 2001)
• LinuxNews.pl: SSH bug(Feb 11, 2001)
• PlanetIT: OpenSSH 2.3 And SSH Secure Shell 2.4(Jan 15, 2001)
• O'Reilly.com: dsniff and SSH - Reports of My Demise are Greatly Exaggerated(Dec 25, 2000)
• MandrakeUser.org: SSH provides encrypted and authenticated network connections. [Tutorial](Jul 14, 2000)
• DevShed: The Shell Game [Using SSH To Secure Your Connections](May 31, 2000)