nanog mailing list archives

Re: Wireless insecurity at NANOG meetings


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Sun, 22 Sep 2002 07:28:59 -0400


On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > There are also people ssh'ing to personal and corporate machines from
> > the terminal room where the root password is given out or easily
> > available.
>
> Are you saying people shouldn't SSH?

I've seen far too many people get into trouble because they have some
flawed thinking that "ssh == always secure", even against compromises of
one of the endpoints. If root is available, a reasonable person should
ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
and recompiled the ssh binaries with a password logger. Heck, even if it
isn't available, you couldn't pay me enough money to trust public access
terminals to log into something which doesn't use a one-time password.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)

