A highly dangerous SSH flaw discovered a few months ago could still cause your organisation headaches, according to security experts.
The vulnerability was first made public when it emerged last November that researchers at Royal Holloway's Information Security Group had found the flaw, which could allow hackers access to sensntive data.
SSH, or the Secure Shell Protocol, was designed to provide a secure channel between networked devices by encrypting data and is widely used by system administrators to allow them to securely access remote systems and to transfer sensitive data across the internet, according to the ISG.
The team duly discovered a basic design flaw which opens up the possibility of limited plaintext recovery attacks against SSH.
Although the attack is difficult to achieve, it is a very dangerous flaw given the fact that SSH is meant to be bullet-proof, and because of what it is meant to protect.
And although the open source implementation of SSH, OpenSSH, as well as a commercial product techTIA, have been updated to include protection for the flaw, firms could still be at risk, according to Gartner analyst John Pescatore.
"If you're using an inexpensive web hoster, query them to make sure they've patched the flaw," he said. "In addition, quite often these open source technologies are built into other pieces of software, so it's important to check if you have some in use, in places you didn't know about."
He advised firms undertake vulnerability scans of their systems to detect if they are running any unpatched versions of SSH.
The spacecraft found traces of hydrogen and oxygen molecules, known as hydroxyls, embedded in the rocky surface of the asteroid
The skeleton was unearthed more than 20 years ago in South Africa
Moon's dark side is mountainous, rugged and never visible from the Earth
The groundwater basins in some areas of Tehran have been damaged irreversibly