In 48 hours, the anti-sec movement will publicly unveil working exploit code and full details for the zero-day OpenSSH vulnerability we discovered. It will be posted to the Full-Disclosure security list.
Over the past 24 hours we've had a number of readers tell us that there is an OpenSSH exploit in active use. We cannot confirm its existence, other than a DOS exploit for OpenSSH that is on Milw0rm. If you have any concrete evidence of this (not rumors or URLs to blogs where people are discussing that there might be a problem) please let us know via our contact form. Again, no rumors and no links to discussions of rumors please. We need reports of active exploitation or other evidence that this a real issue.
