Helsinki, Finland -
May 19, 2005
SSH Tectia Newsletter Vol. 13 - Secure Shell and Address Harvesting
SSH Communications Security >> http://www.ssh.com
======================================================
[ SSH TECTIA NEWSLETTER (VOLUME 13) ] < May 19, 2005 >
======================================================
* Product News (1) - Secure Shell and Address Harvesting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last week, a group of researchers at MIT published a paper with the title "Inoculating SSH Against Address-Harvesting Worms". The paper generated global PR coverage and among other stories inspired Bruce Schneier to write about the "potential for an SSH worm" in his monthly newsletter.
It is important to understand that the paper DOES NOT INTRODUCE ANY NEW VULNERABILITY in the Secure Shell protocol or protocol implementations. Instead the paper explores a potential scenario, where the attacker has already been independently able to impersonate the user and the host is therefore already compromised.
For more information, please visit www.ssh.com/mit/newsletter.html.
* Product News (2) - SSH Tectia Server 4.3.1 Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia Server (Windows) 4.3.1 was released on May 16, 2005. If you have a valid 4.3.x license file, you can get the update package for this product from http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-4-3.html.
If you do not have a valid 4.3.x license file, and you are not a customer with a support agreement, you can purchase the new product version from SSH Online Store at http://www.ssh.com/company/sales/.
*Whats new in SSH Tectia Server (Windows) 4.3.1?
-In SSH Tectia Server for Windows Server 2003, public-key authenticated users were not permitted to execute commands in windows\system32 directory. This has been fixed.
* Tips & Tricks: Editing of remote files with SSH Tectia Client on Windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When double-clicking a file in a remote folder in the SFTP window of SSH Tectia Client, the file is copied to the client's C:\Documents and Settings\\Application Data\SSH\temp directory. After that, the default application associated to the extension type is launched to open the file.
Once the local editing for the file has been done, SSH Tectia Client will ask whether you want to upload the modified file to the server.
* New Documents Available at SSH Resource Center
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**Application Note: SSH Tectia for Linux on IBM POWER processor-based systems
http://www.ssh.com/documents/49/SSHTectia_IBM_ApplicationNote.pdf
**White Paper: SSH Tectia for IBM Mainframes
This document describes how SSH Tectia can be used to secure file transfer, TN3270 connections, and Unix shell access to IBM z/OS mainframes. Registration is required to download the paper.
http://www.ssh.com/resources/mainframewp-download.mpl
* Trade Shows & Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upcoming events:
We will also be participating in various other events throughout the world. More information is available on our events site at http://www.ssh.com/company/events/.
* SSH Headlines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 26, 2005
SSH and SoftLink Team to Offer Secure and Scalable File exchange Solutions
http://www.ssh.com/company/newsroom/article/641/
April 19, 2005
SSHs Interim Report for January 1 - March 31, 2005
http://www.ssh.com/company/newsroom/article/639/
======================================================
# SSH Tectia Newsletter Mailing List #
------------------------------------------------------
This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
To unsubscribe from the mailing list, send a blank e-mail to from the e-mail account you wish to unsubscribe, or visit http://www.ssh.com/company/newsroom/unsubscribe.mpl.
# SSH Security & Release Alert Mailing List #
-------------------------------------------------------
If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.
=======================================================
Sincerely,
SSH Communications Security >> http://www.ssh.com
======================================================
[ SSH TECTIA NEWSLETTER (VOLUME 13) ] < May 19, 2005 >
======================================================
- Product News(1) - Secure Shell and Address Harvesting
- Product News(2) - SSH Tectia Server 4.3.1 Released
- Tips & Tricks
- New Documents at SSH Resource Center
- Trade Shows & Events
- SSH Headlines
- Subscribing & Unsubscribing to Mailing Lists
* Product News (1) - Secure Shell and Address Harvesting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last week, a group of researchers at MIT published a paper with the title "Inoculating SSH Against Address-Harvesting Worms". The paper generated global PR coverage and among other stories inspired Bruce Schneier to write about the "potential for an SSH worm" in his monthly newsletter.
It is important to understand that the paper DOES NOT INTRODUCE ANY NEW VULNERABILITY in the Secure Shell protocol or protocol implementations. Instead the paper explores a potential scenario, where the attacker has already been independently able to impersonate the user and the host is therefore already compromised.
For more information, please visit www.ssh.com/mit/newsletter.html.
* Product News (2) - SSH Tectia Server 4.3.1 Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia Server (Windows) 4.3.1 was released on May 16, 2005. If you have a valid 4.3.x license file, you can get the update package for this product from http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-4-3.html.
If you do not have a valid 4.3.x license file, and you are not a customer with a support agreement, you can purchase the new product version from SSH Online Store at http://www.ssh.com/company/sales/.
*Whats new in SSH Tectia Server (Windows) 4.3.1?
-In SSH Tectia Server for Windows Server 2003, public-key authenticated users were not permitted to execute commands in windows\system32 directory. This has been fixed.
* Tips & Tricks: Editing of remote files with SSH Tectia Client on Windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When double-clicking a file in a remote folder in the SFTP window of SSH Tectia Client, the file is copied to the client's C:\Documents and Settings\
Once the local editing for the file has been done, SSH Tectia Client will ask whether you want to upload the modified file to the server.
* New Documents Available at SSH Resource Center
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**Application Note: SSH Tectia for Linux on IBM POWER processor-based systems
http://www.ssh.com/documents/49/SSHTectia_IBM_ApplicationNote.pdf
**White Paper: SSH Tectia for IBM Mainframes
This document describes how SSH Tectia can be used to secure file transfer, TN3270 connections, and Unix shell access to IBM z/OS mainframes. Registration is required to download the paper.
http://www.ssh.com/resources/mainframewp-download.mpl
* Trade Shows & Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upcoming events:
- Tokyo, Japan: NetWorld + Interop Tokyo 2005, June 8 - 10
- Scottsdale, AZ, USA: NetSec 2005, June 13 - 15
We will also be participating in various other events throughout the world. More information is available on our events site at http://www.ssh.com/company/events/.
* SSH Headlines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 26, 2005
SSH and SoftLink Team to Offer Secure and Scalable File exchange Solutions
http://www.ssh.com/company/newsroom/article/641/
April 19, 2005
SSHs Interim Report for January 1 - March 31, 2005
http://www.ssh.com/company/newsroom/article/639/
======================================================
# SSH Tectia Newsletter Mailing List #
------------------------------------------------------
This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
To unsubscribe from the mailing list, send a blank e-mail to from the e-mail account you wish to unsubscribe, or visit http://www.ssh.com/company/newsroom/unsubscribe.mpl.
# SSH Security & Release Alert Mailing List #
-------------------------------------------------------
If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.
=======================================================
Sincerely,
SSH Communications Security >> http://www.ssh.com
© 2005 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.