[52289] in North American Network Operators' Group
Re: Wireless insecurity at NANOG meetings
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Mon Sep 23 13:00:53 2002
Date: Mon, 23 Sep 2002 10:00:27 -0700 (PDT)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: Richard A Steenbergen <ras@e-gerbil.net>, <nanog@merit.edu>
In-Reply-To: <20020922133340.L44677-100000@sequoia.muada.com>
Errors-To: owner-nanog-outgoing@merit.edu

On Sun, 22 Sep 2002, Iljitsch van Beijnum wrote:
>
> On Sun, 22 Sep 2002, Richard A Steenbergen wrote:
>
> > On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
> > > > There are also people ssh'ing to personal and corporate machines from
> > > > the terminal room where the root password is given out or easily
> > > > available.
>
> > > Are you saying people shouldn't SSH?
>
> > I've seen far too many people get into trouble because they have some
> > flawed thinking that "ssh == always secure", even against compromises of
> > one of the endpoints. If root is available, a reasonable person should
> > ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds
> > and recompiled the ssh binaries with a password logger.

When we hosted nanog 16 we made the effort to periodically compare the md5
sums of the binaries on the terminal room machines to a reference source.
I wouldn't personally place a great deal of trust in machines that
aren't in one's possession but we try.

> Excellent point. Fortunately, this doesn't apply to running SSH from your
> laptop over the wireless network.
>
--
--------------------------------------------------------------------------
Joel Jaeggli Academic User Services joelja@darkwing.uoregon.edu
-- PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E --
In Dr. Johnson's famous dictionary patriotism is defined as the last
resort of the scoundrel. With all due respect to an enlightened but
inferior lexicographer I beg to submit that it is the first.
-- Ambrose Bierce, "The Devil's Dictionary"