[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape hole without .Xauthority (fwd)

To: [email protected]
Subject: Re: Netscape hole without .Xauthority (fwd)
From: Michael J Gebis <[email protected]>
Date: Wed, 4 Oct 1995 11:11:04 -0500 (EST)
Sender: [email protected]

Robert Owen Thomas wrote:
> more and more, networks are becoming flooded with X traffic.  although X
> has always been known to be a potential security hole, i think X-attacks
> are going to increase dramatically in the coming months.
> 
> i commonly hear of sights with Xauthority enabled, only to have the user
> community type "xhost +" at the prompt.  bad karma.  the days of pumping
> rude & crass noises to someone else's workstation will soon graduate to
> more nefarious and insidious attacks.
> 
> is anyone looking into a means of securing X (above and beyond the current
> weak solutions)?
 
I have not used it for this purpose, but ssh claims to do "Secure X11
sessions."  

Actually, I'm interested in what the cypherpunks think of ssh in
general; I'm not able to do a strong analysis of the code myself.  If
it does everything it claims to do, it's a very powerful tool;
however, I don't know of any in-depth studies of ssh security.

-- 
Mike Gebis  [email protected]

Prev by Date: ACLU Cyber-Liberties Update 10/4
Next by Date: Re: About that simple hardware RNG
Prev by thread: Re: Netscape hole without .Xauthority (fwd)
Next by thread: (fwd) ETO Trade Points : Correction
Index(es):
- Date
- Thread