author: Ryan T. Hosford <tad.hosford@gmail.com> 2016-03-11 13:54:00 -0600
committer: Ryan T. Hosford <tad.hosford@gmail.com> 2016-03-11 14:04:03 -0600
commit: 2e68d3e551ec72b662c23f954f14836978a88c8b (patch)
tree: f49027151eab4088f2cad384c8278627ba4c1fb7
parent: 895bdb5fefdadd48fa7778ac9e8e0f5b4355328b (diff)
Help players protect themselves from maliciousness
- Since connecting to an unknown server represents some risk, tell players about the known risks and show them how they can eliminate some of that risk by patching their ssh clients.
- Closes #13
-rw-r--r-- README.md 11
1 files changed, 11 insertions, 0 deletions
diff --git a/README.md b/README.md
index cdb9908..fea08d9 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,17 @@ $ go get && go build
$ ./sshtron
```
+## CVE-2016-0777
+
+[CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt)
+revealed two SSH client vulnerabilities that can be exploited by a malicious SSH server. While SSHTron does not exploit
+these vulnerabilities, you should still patch your client before you play. SSHTron is open source, but the server
+could always be running a modified version of SSHTron that does exploit the vulnerabilities described
+in [CVE-2016-0777](https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt).
+
+If you haven't yet patched your SSH client, you can follow
+[these instructions](https://www.jacobtomlinson.co.uk/quick%20tip/2016/01/15/fixing-ssh-vulnerability-CVE-2016-0777/) to do so now.
+
## License
SSHTron is licensed under the MIT License. See the full license text in
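Review bot: The new section's heading and both link labels name only CVE-2016-0777, while the first added sentence says "two SSH client vulnerabilities" and the linked URL covers cve-2016-0777-cve-2016-0778; name both CVEs in the heading and link text so readers can check their client against each one. The same Qualys URL is linked twice within one paragraph, so the second link can be dropped in favour of a plain reference. The closing paragraph leaves the actual fix entirely to a third-party blog post behind "these instructions"; summarise the mitigation in the README itself and say which client versions need it, so the advice still stands if that link disappears.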