We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
In my line of work it is inevitable, but always shocking, to see the number of high-risk security flaws developers have left behind. Most worryingly, a major proportion of vulnerabilities are due to a basic misunderstanding of the internet protocol and . . .
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Please see the ISS advisory, or OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem. . . .
Update:Another follow up statement was written by ISSAtlanta also issued through Bugtraq. Apparently ISS is still recieving emails about this issue.. . .
