Two new vulnerabilities, CVE-2016-0777 and CVE-2016-0778, were found yesterday on the OpenSSH project which allows a malicious SSH server to steal the client’s private keys when using the roaming undocumented feature. So, if you have to connect to any server that is not under your control (including git over SSH through third-party services like GitHub or […]