The University of London has just published news pertaining to a serious vulnerability in the popular Open Secure Shell(OpenSSH) encryption algorithm.
Their shocking revelation is that attackers are able to effectively ‘steal’ 32 bits of plaintext data in an exploit, which is active in some versions of OpenSSH on the linux platform.

This recent vulnerability has been identified as critically important because researchers have admitted to the significance of this as a major design flaw in OpenSSH.

Essentially, this is a main-in-the-middle attack with a difference. By snooping packets of data and sending them back to the server repeatedly until an error is triggered and the encryption is breached. This results in attackers slowly being able to reconstruct messages.

Whilst the vulnerability in all honesty is relatively minor as it is tremendously difficult to exploit, the fact that it exists has put a cloud of doubt over OpenSSH.
The attacks were revealed at the IEE security symposium, which was held in California, and the full details of the flaw were released into the public in order to raise awareness and force organizations to move over to more secure methods.

The security vulnerability in OpenSSH has been identified and fixed, but software professionals have admitted that this is not a weakness in coding, but a fundamental vulnerability in the design of Open SSH.

Whilst there were no reports of this vulnerability actually being exploited for any other purpose than security research, this does highlight the weaknesses that can exist when organizations rely on single layers of security. The conclusion that people should be making is that this is an example of a possible breach, and a possible breach could most likely than not be a real one before long.