Oyster Backdoor Disguised as PuTTY and KeyPass Targets IT Admins via SEO Poisoning
https://gbhackers.com/oyster-backdoor-disguised-as-putty-and-keypass/
The saga continues: #BitVise blocked my IP range but still doesn’t seem to grasp what a VPN or proxy is. CEO Denis B. keeps using the site for PR instead of handing it over to the rightful owner. https://blog.pupred.com/category=bitvise/
CC @simontatham@hachyderm.io
#it #bitvise #putty #telnet #itnews #domain #domainsnatching #domainstealing #misuseofposition
PuTTY, the renowned FOSS SSH client for Windows, is not the same people as those behind the PUTTY.ORG website." – and now putty.org is spouting anti-vaccination propaganda "because a bunch of communists hate me."
"An unfolding controversy over the contents of a website that contained links to several different pieces of SSH-related software has escalated. At the time of writing, the owners of the website have replaced this content with anti-vaccination propaganda." #Putty #SSH #Linux
https://www.theregister.com/2025/07/17/puttyorg_website_controversy/
The real Putty software website: https://www.chiark.greenend.org.uk/~sgtatham/putty/
putty.org archive before: https://archive.ph/oyGCU
Putty.org archive after: https://archive.ph/ArTC7
All: https://archive.ph/putty.org
Controversy over PUTTY.ORG website growing fast • The Register
By Liam Proven
Anybody who had been using PuTTY for awhile knows the homepage is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and has been forever.
This article is about the people who own PUTTY.ORG and some truly bizarre developments.
At the time of writing, the owners of the website have replaced this content with anti-vaccination propaganda.
Related to the The price of software freedom is eternal politics article by the same author I shared the other day.
SEO poisoning attack reported by Arctic Wolf Networks delivers Trojanized IT tools
https://www.admin-magazine.com/News/SEO-Poisoning-Attack-Delivers-Trojanized-IT-Tools?utm_source=mam
#SEO #attack #ArcticWolfNetworks #Trojanized #PuTTY #WinSCP #security
General reminder:
The domain name putty.org is *NOT* run by the #PuTTY developers. It is run by somebody not associated with us, who uses the domain to interpose advertising for their unrelated commercial products. We do not endorse those products in any way, and we have never given any kind of agreement for PuTTY's name to be used in promoting them.
Please do not perpetuate the claim that putty.org is the PuTTY website. If anyone is linking to it on that basis, please change the link. The PuTTY website is https://www.chiark.greenend.org.uk/~sgtatham/putty/ and it always has been.
You can check this by downloading the source code, which cites that URL in many places (the README, the documentation, some strings in the actual code), or by using the "Visit Web Site" menu options in the official Windows binaries (the ones signed with my personal Authenticode certificate). The true PuTTY website is the one that PuTTY itself says it is.
Many search engines list putty.org above chiark. I don't know if this is due to active SEO on the part of the domain owner, or a heuristic in the rankings. Either way, don't believe them. It's not our site.
The Complete Guide to Installing, Configuring and Operating Plex Media Server on Ubuntu Server (2/14)
Installing OpenSSH Server on Ubuntu, PuTTY on Windows and setting up a connection. (Beginner-Friendly!)
In this video, we guide you through installing OpenSSH on Ubuntu Server and setting up PuTTY on a Windows machine to enable secure remote access.
https://youtu.be/htlKpH8oalY
Today's mini-project: got SSH going on Caldera 1.1.
First I tried Ylönen SSH 1.2.12, which built and ran fine but gave packet checksum errors when I tried to log in with #PuTTY. Next was OSSH 1.2.16, which also built and ran fine (after tracking down the needed libs) but did the same thing. Finally I tried OSSH 1.5.12, the last pre-OpenSSH release I could find. That worked! No more telnet!
Advantage of using work-specific VMs when using personal equipment for "work from home": when you're required to install work-specific software.
My company's partnering with another cloud asset-reporting vendor. Vendor needed us to set up an instantiation of their product in one of our #AWS accounts. The AWS account in question is configured to only allow access via VPN.
The #VPN software my company uses for that account is Tailscale. Didn't particularly feel like installing it to my (whole) laptop, so, I opted to install it into an EL9 #Linux VM (between PuTTY — I use PuTTY-CAC because I have projects that require me to be able to SmartCard passthrough — and VcXsrv
Why don't I use a work-supplied laptop for work tasks? I live in a very small house with not a lot of area — especially not to dedicate to work-specific hardware. So, I refused the work-issued laptop: while space was the primary driver of that refusal, it's also the fact that work normally issues MBPs …and I'm the opposite of a Mac fan (that said, they had offered to get me the PC of my choice running the OS of my choice, but that still leaves the "house too smol" problem to surmount).
At any rate, a locally-installed hypervisor allows me to get around the "how to keep work and personal separate" question.
#PuTTY
#VcXsrv
Always nice when software developers have thought of the thing you wanted already.
When #git on my laptop wants to talk to my machine at home (usually to continue work on something I left half-finished, append another commit or two, and push it back to my home checkout), it has to use #PuTTY rather than OpenSSH, because only my PuTTY configuration knows how to find its way to that machine. So I have to set either GIT_SSH or core.sshCommand to "plink". Ideally the latter, and only in the context of that one checkout.
What this _really_ needs, I thought, is an option to 'git clone' that will set an arbitrary 'git config' option early enough to affect the actual cloning operation, and then leave it set in the resulting checkout. That'd be perfect. I wonder if the git developers have thought to provide one?
And they have! #TIL 'git clone -c key=value'.
git clone -c core.sshCommand=plink my-home-machine:src/half-finished-thing
We've released #PuTTY version 0.83.
This release is mostly full of bug fixes following up the new development in 0.82. Most significantly, 'psftp -b' was completely broken, and now works again. Also various assertion failures, crashes and hangs. On the Unix side, we've fixed an intermittent bug making the keys on the small keypad above the arrows (Home, End, Ins, Del etc) not work in the terminal.
We've also extended our #quantumsafe cryptography support, by supporting #MLKEM as a key exchange option, in addition to NTRU Prime which we already had.
@1password hoping you can help here. I'm using #1Password and #OpenSSH in #WindowsTerminal here on #Windows11 to connect to my #RaspberryPi. I need an easier way to work with files, though, so I'm trying to set up #WinSCP. I've exported my key from 1Password in both formats available. I noticed it didn't have a file extension so added .pem to the name. No matter what I do, WinSCP won't take the key. Neither would #PuTTY when I tried it. Do you have any suggestions on how to resolve this? Anyone else who thinks they might be able to help is welcome to reply too.
#Linux #Windows #SSH #RaspberryPiOS #Tech #Technology
Pre-release builds of #PuTTY 0.83 are now available.
This is mostly a bug-fix release. 0.82 went out in a bit of a hurry, and users reported half a dozen bugs quite quickly, most notably that PSFTP forgot how to handle the -b option. Those are now all fixed.
Also new: support for a 2nd post-quantum key agreement scheme (ML-KEM), and improved support for Unicode filenames on Windows.
Please test! If there are still bugs, we'd like to fix them _before_ releasing 0.83.
https://www.chiark.greenend.org.uk/~sgtatham/putty/prerel.html
Pretty sure I haven't used #PuTTY once since 2013, but that's just because I've been on MacOSX and #Linux the whole time, and the few times I had to use windows, I just used #Cygwin.
Not enough love, Cygwin. It's like reverse-WINE. (Of course, it does help that Windows has a (probably badly implemented and somewhat cursed) POSIX layer.)
I noticed. I wonder which version was the first to get ssh baked-in.
I know I definitely had to use #PuTTY on #WindowsXP back in the naughties.