Linux.com

SecurityFocus.com: "A team of researchers from the University of California at Berkeley revealed two weaknesses in Secure Shell (SSH) implementations Friday that allow an eavesdropper to learn the exact length of a user's password by observing the rhythm of their keystrokes. By using advanced statistical techniques on timing information collected over the network, researchers also found that the eavesdropper can learn significant information about what users type in SSH sessions."