[52237] in North American Network Operators' Group
Re: Wireless insecurity at NANOG meetings
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sun Sep 22 07:38:01 2002
Date: Sun, 22 Sep 2002 13:37:22 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Richard A Steenbergen <ras@e-gerbil.net>
Cc: <nanog@merit.edu>
In-Reply-To: <20020922112859.GJ1123@overlord.e-gerbil.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 22 Sep 2002, Richard A Steenbergen wrote:
> On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > > There are also people ssh'ing to personal and corporate machines from
> > > the terminal room where the root password is given out or easily
> > > available.
> > Are you saying people shouldn't SSH?
> I've seen far too many people get into trouble because they have some
> flawed thinking that "ssh == always secure", even against compromises of
> one of the endpoints. If root is available, a reasonable person should
> ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
> and recompiled the ssh binaries with a password logger.
Excellent point. Fortunately, this doesn't apply to running SSH from your
laptop over the wireless network.
