nanog mailing list archives
Re: Wireless insecurity at NANOG meetings
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Mon, 23 Sep 2002 10:00:27 -0700 (PDT)
On Sun, 22 Sep 2002, Iljitsch van Beijnum wrote:
On Sun, 22 Sep 2002, Richard A Steenbergen wrote:On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:There are also people ssh'ing to personal and corporate machines from the terminal room where the root password is given out or easily available.Are you saying people shouldn't SSH?I've seen far too many people get into trouble because they have some flawed thinking that "ssh == always secure", even against compromises of one of the endpoints. If root is available, a reasonable person should ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds and recompiled the ssh binaries with a password logger.
When we hosted nanog 16 we made the effort to periodically compare the md5 sums of the binaries on the terminal room machines to a reference source. I wouldn't personally place a greate deal of trust in machines that aren't in ones possession but we try.
Excellent point. Fortunately, this doesn't apply to running SSH from your laptop over the wireless network.
-- -------------------------------------------------------------------------- Joel Jaeggli Academic User Services joelja () darkwing uoregon edu -- PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E -- In Dr. Johnson's famous dictionary patriotism is defined as the last resort of the scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first. -- Ambrose Bierce, "The Devil's Dictionary"
Current thread:
- Re: Whitehouse Tackels Cybersecurity, (continued)
- Re: Whitehouse Tackels Cybersecurity Brad Knowles (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 20)
- Wireless insecurity at NANOG meetings Sean Donelan (Sep 21)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 21)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 21)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Kevin Steves (Sep 22)
- Re: Wireless insecurity at NANOG meetings Joel Jaeggli (Sep 23)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)
- Re: Wireless insecurity at NANOG meetings Sean Donelan (Sep 22)
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Message not available
- Re: Wireless insecurity at NANOG meetings Dave Crocker (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings William Allen Simpson (Sep 22)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)