OpenSSH 0-day exploit HOAX



Okay okay, calm down people…. calm down… This week rumours spread all over the internet that a 0-day attack against OpenSSH was used to compromise computer systems. Everyone was advised to upgrade to the latest version of OpenSSH even though there was not a single piece of evidence of this attack. Sure, there was a nice (and somewhat entertaining) ’script’ dump of an alleged attack (also read the small comments inside the script dump, very funny at times). In this dump you can see that they used a tool called 0penPWN (also called 0pen0wn) that allegedly breaks OpenSSH. But I think we are all able to fake some output, aren’t we? Here’s another dump of an alleged attack.

Damien Miller (OpenSSH) responded that he still has not gotten a single piece of evidence of a 0-day exploit. He summarizes some of the possible attacks and argues that it's very unlikely that OpenSSH can be compromised in those ways. It seems that the actual hacks were brute-force password attacks that actually succeeded.
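If the compromises were successful password guessing, that shows up in the sshd authentication log as a run of failed password attempts from one address followed by an accepted password login. The following check is an added example, not part of the original post: the function name, the threshold of 5 failures and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches OpenSSH sshd auth lines such as
# "Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

# Constructed sample log (documentation IP ranges, not from a real host).
SAMPLE_LOG = """\
Jul  7 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jul  7 03:12:03 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Jul  7 03:12:05 host sshd[4105]: Failed password for root from 203.0.113.5 port 40138 ssh2
Jul  7 03:12:07 host sshd[4107]: Failed password for invalid user test from 203.0.113.5 port 40146 ssh2
Jul  7 03:12:09 host sshd[4109]: Failed password for root from 203.0.113.5 port 40154 ssh2
Jul  7 03:12:11 host sshd[4111]: Accepted password for root from 203.0.113.5 port 40162 ssh2
Jul  7 09:30:40 host sshd[5210]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Jul  7 09:30:48 host sshd[5212]: Accepted password for alice from 198.51.100.7 port 51520 ssh2
Jul  7 10:02:13 host sshd[5301]: Accepted publickey for bob from 192.0.2.9 port 60022 ssh2
"""


def bruteforce_successes(log_text, threshold=5):
    """Return (ip, user, prior_failures) for password logins that follow
    at least `threshold` failed password attempts from the same address."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        outcome, method, user, ip = m.groups()
        if method != "password":
            continue  # key-based logins are not password guesses
        if outcome == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            hits.append((ip, user, failures[ip]))
            failures[ip] = 0  # start counting afresh after a success
        else:
            failures[ip] = 0  # ordinary login, e.g. after a mistyped password
    return hits


if __name__ == "__main__":
    for ip, user, n in bruteforce_successes(SAMPLE_LOG):
        print(f"{ip}: password login as {user} after {n} failed attempts")
```

A hit from this check points to a guessed password rather than a flaw in the daemon, so the follow-up is credential rotation and disabling password authentication for the affected accounts.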