[52236] in North American Network Operators' Group


Re: Wireless insecurity at NANOG meetings

daemon@ATHENA.MIT.EDU (Richard A Steenbergen)
Sun Sep 22 07:29:30 2002

Date: Sun, 22 Sep 2002 07:28:59 -0400
From: Richard A Steenbergen <ras@e-gerbil.net>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: nanog@merit.edu
In-Reply-To: <20020922124027.N44677-100000@sequoia.muada.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > There are also people ssh'ing to personal and corporate machines from
> > the terminal room where the root password is given out or easily
> > available.
> 
> Are you saying people shouldn't SSH?

I've seen far too many people get into trouble because they have some
flawed thinking that "ssh == always secure", even against compromises of
one of the endpoints. If root is available, a reasonable person should
ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
and recompiled the ssh binaries with a password logger. Heck, even if it
isn't available, you couldn't pay me enough money to trust public access
terminals to log into something which doesn't use a one-time password.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
