nanog mailing list archives
Re: Wireless insecurity at NANOG meetings
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Sun, 22 Sep 2002 07:28:59 -0400
On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
There are also people ssh'ing to personal and corporate machines from the terminal room where the root password is given out or easily available.Are you saying people shouldn't SSH?
I've seen far too many people get into trouble because they have some flawed thinking that "ssh == always secure", even against compromises of one of the endpoints. If root is available, a reasonable person should ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds and recompiled the ssh binaries with a password logger. Heck even if it isn't available, you couldn't pay me enough money to trust public access terminals to log into something which doesn't use a one-time password. -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Current thread:
- Re: Whitehouse Tackels Cybersecurity, (continued)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 18)
- Re: Whitehouse Tackels Cybersecurity batz (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Brad Knowles (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 20)
- Wireless insecurity at NANOG meetings Sean Donelan (Sep 21)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 21)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 21)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Kevin Steves (Sep 22)
- Re: Wireless insecurity at NANOG meetings Joel Jaeggli (Sep 23)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)
- Re: Wireless insecurity at NANOG meetings Sean Donelan (Sep 22)
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Message not available
- Re: Wireless insecurity at NANOG meetings Dave Crocker (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)