by kimi on 4/17/25, 1:29 PM with 51 comments
by aftbit on 4/17/25, 2:28 PM
>Any service using Erlang/OTP's SSH library for remote access such as those used in OT/IoT devices, edge computing devices are susceptible to exploitation.
https://thehackernews.com/2025/04/critical-erlangotp-ssh-vul...
by formerly_proven on 4/17/25, 3:31 PM
{send, hello},
{send, ssh_msg_kexinit},
{match, #ssh_msg_kexinit{_='_'}, receive_msg},
{send, SshMsgChannelOpen},
{send, SshMsgChannelRequest},
{match, disconnect(), receive_msg}
https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a...edit: Ah, found by the people at RUB, they do a lot of research in verifying protocol implementations iirc.
by throwawaymaths on 4/17/25, 4:05 PM
by rramadass on 4/17/25, 2:43 PM
by marioflach on 4/17/25, 9:39 PM
https://git-scm.com/docs/protocol-v2
https://git-scm.com/book/ms/v2/Git-on-the-Server-The-Protoco...
Adding support for Git over SSH was very easy using Erlang built-in SSH libs.
https://github.com/redrabbit/git.limo
https://github.com/redrabbit/git.limo/blob/master/apps/gitgu...
by qwertox on 4/17/25, 4:22 PM
by aposm on 4/17/25, 5:22 PM
by bilekas on 4/17/25, 5:04 PM
by r3tr0 on 4/17/25, 7:25 PM
you can try our sandbox at https://yeet.cx/play