Home > Confidentiality, Encryption, Integrity, SSH, Tech Note > Securing Secure Shell

Securing Secure Shell

I was passed an interesting article, this morning, regarding hardening secure shell (SSH) against poor crypto that can be a victim of cracking by the NSA and other entities.  The article is well written and discusses why the changes are necessary in light of recent Snowden file releases.

  1. Kevin Otte
    2015-01-06 at 11:19 EST

    The thing that’s always confused me about security software: Why is the default stance backward compatibility rather than proper security? If the whole point of your product is to keep data safe, default to secure with big warnings of “If you enable these options you could get owned” rather than “Oh, we’ll let everything in and it’s on you to tighten it down.”

    • 2015-01-06 at 12:18 EST

      You and me both. The common arguement I get from $dayjob is that we don’t want to break things for customers. If they suddenly did an update and things broke they’d be in trouble. Okay, I get that… but if things break it’s because they aren’t secure and shouldn’t the customer know that they are using insecure stuff?

      Perhaps one day we’ll be secure-by-default.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s