[52251] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Wireless insecurity at NANOG meetings

daemon@ATHENA.MIT.EDU (William Allen Simpson)
Sun Sep 22 18:47:29 2002

Date: Sun, 22 Sep 2002 18:46:15 -0400
From: William Allen Simpson <wsimpson@greendragon.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu

"John M. Brown" wrote:
> On Sun, Sep 22, 2002 at 04:49:08AM -0700, Randy Bush wrote:
> >
> > a prudent user does not ssh _from_ a machine they don't control or
> prudent users don't get hacked.  non-prudent users hopefully learn
> or darwin happens.

Ahem!  I'm usually considered a prudent user (once upon a time, I was 
the _only_ person using IPSec at an IETF meeting, having written it myself, and communicating with just about the earliest commercial 
implementation by Morningstar).  ADmittedly, that was from my own 
laptop, and I've never understood why we had public machines.....

However, I've had machines taken over this past summer through the 
OpenSSH hole.  A couple of years back, I had a router taken over through 
a Cisco hole.

You're only as good as your software.  And we all rely on each other. 

That's worth remembering: the Internet still relies on cooperation, 
between the vendors, and between the operators!  

Meanwhile, I think Randy and John are both moving in the right direction
and I'm sure we'll all call Merit tomorrow to ask what in the world they 
are thinking....
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

home help back first fref pref prev next nref lref last post