North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Wireless insecurity at NANOG meetings
On Sun, 22 Sep 2002, Richard A Steenbergen wrote: > On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote: > > > There are also people ssh'ing to personal and corporate machines from > > > the terminal room where the root password is given out or easily > > > available. > > Are you saying people shouldn't SSH? > I've seen far too many people get into trouble because they have some > flawed thinking that "ssh == always secure", even against compromises of > one of the endpoints. If root is available, a reasonable person should > ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds > and recompiled the ssh binaries with a password logger. Excellent point. Fortunately, this doesn't apply to running SSH from your laptop over the wireless network.
|