From: terryc on 31 May 2010 23:17

On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:

> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>
>> Historically there have existed buggy implementations of SSH susceptible
>> to password sniffing, and some of these are still around. Although
>> running against a reasonably modern client-server pair (SSH v.2)
>> should be safe, keys are still a good thing.
>
> To expand on Jon's statement, note that to find a pre-v.2
> implementation, you need to set the controls on the way-back machine to
> something like 15 years ago.

Blink, less than five years ago. One of the bigger Linux distros and all
derivatives had it.
From: Joe Pfeiffer on 1 Jun 2010 01:00

terryc <newsninespam-spam(a)woa.com.au> writes:

> On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:
>
>> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
>> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>>
>>> Historically there have existed buggy implementations of SSH susceptible
>>> to password sniffing, and some of these are still around. Although
>>> running against a reasonably modern client-server pair (SSH v.2)
>>> should be safe, keys are still a good thing.
>>
>> To expand on Jon's statement, note that to find a pre-v.2
>> implementation, you need to set the controls on the way-back machine to
>> something like 15 years ago.
>
> Blink, less than five years ago. One of the bigger Linux distros and all
> derivatives had it.

Just in case somebody doesn't know who you're referring to: Debian.

--
As we enjoy great advantages from the inventions of others, we should
be glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously. (Benjamin Franklin)
From: Maxwell Lol on 1 Jun 2010 07:24

Joe Pfeiffer <pfeiffer(a)cs.nmsu.edu> writes:

> terryc <newsninespam-spam(a)woa.com.au> writes:
>
>> On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:
>>
>>> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
>>> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>>>
>>>> Historically there have existed buggy implementations of SSH susceptible
>>>> to password sniffing, and some of these are still around. Although
>>>> running against a reasonably modern client-server pair (SSH v.2)
>>>> should be safe, keys are still a good thing.
>>>
>>> To expand on Jon's statement, note that to find a pre-v.2
>>> implementation, you need to set the controls on the way-back machine to
>>> something like 15 years ago.
>>
>> Blink, less than five years ago. One of the bigger Linux distros and all
>> derivatives had it.
>
> Just in case somebody doesn't know who you're referring to: Debian.

But that was a case of weak SSH keys, right? It was not vulnerable to
sniffing. Just brute-force password cracking, except that the brute
wasn't so brute, but a marshmallow.

i.e. the PROTOCOL wasn't flawed. Just the random number generator used
to generate unique keys.
From: Joe Pfeiffer on 1 Jun 2010 09:46

Maxwell Lol <nospam(a)com.invalid> writes:

> Joe Pfeiffer <pfeiffer(a)cs.nmsu.edu> writes:
>
>> terryc <newsninespam-spam(a)woa.com.au> writes:
>>
>>> On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:
>>>
>>>> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
>>>> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>>>>
>>>>> Historically there have existed buggy implementations of SSH susceptible
>>>>> to password sniffing, and some of these are still around. Although
>>>>> running against a reasonably modern client-server pair (SSH v.2)
>>>>> should be safe, keys are still a good thing.
>>>>
>>>> To expand on Jon's statement, note that to find a pre-v.2
>>>> implementation, you need to set the controls on the way-back machine to
>>>> something like 15 years ago.
>>>
>>> Blink, less than five years ago. One of the bigger Linux distros and all
>>> derivatives had it.
>>
>> Just in case somebody doesn't know who you're referring to: Debian.
>
> But that was a case of weak SSH keys, right? It was not vulnerable to
> sniffing. Just brute-force password cracking, except that the brute
> wasn't so brute, but a marshmallow.
>
> i.e. the PROTOCOL wasn't flawed. Just the random number generator used
> to generate unique keys.

Correct.

--
As we enjoy great advantages from the inventions of others, we should
be glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously. (Benjamin Franklin)
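An added illustration of the point Maxwell Lol and Joe Pfeiffer agree on, not code from any poster or from Debian: when a key generator's only entropy is something as small as a process ID (which is what the 2008 Debian OpenSSL issue reduced it to), the "brute force" against the resulting keys is just enumerating that seed space once and looking public keys up in a table, while the protocol and the one-way math behind the keys stay intact. The key scheme below is a constructed toy (a discrete-log pair over the Mersenne prime 2^127-1, generator 3), the pool labels are made up, and the 15-bit PID range is an assumption chosen to mirror the real case; the blacklist check mirrors the approach Debian's remediation took, shipping fingerprints of every affected key so hosts could refuse them.

```python
import hashlib
import os
from typing import Dict, Optional, Tuple

# Toy discrete-log key pair: priv is a secret exponent, pub = G^priv mod P.
# Inverting pub -> priv is a discrete-log problem, so someone who sees only
# public keys cannot recover private ones ... unless the generator behind
# priv had so little entropy that every possible priv can be enumerated.
# Constructed parameters for illustration; not the real OpenSSL bug.
P = (1 << 127) - 1   # Mersenne prime 2^127 - 1
G = 3

PID_MAX = 32768      # assumption: a 15-bit process ID is the only entropy


def derive_private(pool: bytes) -> int:
    """Hash the entropy pool down to an exponent in [1, P-2]."""
    return int.from_bytes(hashlib.sha256(pool).digest(), "big") % (P - 2) + 1


def public_key(priv: int) -> int:
    return pow(G, priv, P)


def weak_keypair(pid: int) -> Tuple[int, int]:
    """Broken generator: nothing but the PID ever reaches the pool."""
    if not 0 <= pid < PID_MAX:
        raise ValueError("pid out of range")
    pool = b"constructed-weak-pool" + pid.to_bytes(2, "big")
    priv = derive_private(pool)
    return priv, public_key(priv)


def strong_keypair(entropy: Optional[bytes] = None) -> Tuple[int, int]:
    """Sound generator: 256 bits from the OS CSPRNG feed the pool."""
    seed = entropy if entropy is not None else os.urandom(32)
    priv = derive_private(b"constructed-strong-pool" + seed)
    return priv, public_key(priv)


def build_weak_key_table() -> Dict[int, int]:
    """Attacker precomputation: every key the broken generator can emit,
    indexed by public key.  32768 modular exponentiations, seconds of work,
    done once and reused against every host that ran the broken generator."""
    table: Dict[int, int] = {}
    for pid in range(PID_MAX):
        priv, pub = weak_keypair(pid)
        table[pub] = priv
    return table


def recover_private(pub: int, table: Dict[int, int]) -> Optional[int]:
    """The 'brute force' that is really a dictionary lookup."""
    return table.get(pub)


def is_blacklisted(pub: int, table: Dict[int, int]) -> bool:
    """Defender's check: refuse any key the broken generator could have made."""
    return pub in table


if __name__ == "__main__":
    table = build_weak_key_table()
    priv, pub = weak_keypair(4242)
    print("weak key recovered from its public half:",
          recover_private(pub, table) == priv)
    _, spub = strong_keypair()
    print("properly generated key found in the table:",
          is_blacklisted(spub, table))
```

The protocol side never enters into it: the attacker needs only a public key (a host key seen on connection, or an authorized_keys entry) and the precomputed table, which is why the distinction drawn above between a protocol flaw and a generator flaw matters for what the fix was, regenerating keys and blacklisting the old ones rather than changing SSH.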
From: terryc on 1 Jun 2010 22:56

On Tue, 01 Jun 2010 07:46:50 -0600, Joe Pfeiffer wrote:

> Maxwell Lol <nospam(a)com.invalid> writes:
>
>> Joe Pfeiffer <pfeiffer(a)cs.nmsu.edu> writes:
>>
>>> terryc <newsninespam-spam(a)woa.com.au> writes:
>>>
>>>> On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:
>>>>
>>>>> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
>>>>> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>>>>>
>>>>>> Historically there have existed buggy implementations of SSH
>>>>>> susceptible to password sniffing, and some of these are still
>>>>>> around. Although running against a reasonably modern client-server
>>>>>> pair (SSH v.2) should be safe, keys are still a good thing.
>>>>>
>>>>> To expand on Jon's statement, note that to find a pre-v.2
>>>>> implementation, you need to set the controls on the way-back machine
>>>>> to something like 15 years ago.
>>>>
>>>> Blink, less than five years ago. One of the bigger Linux distros and
>>>> all derivatives had it.
>>>
>>> Just in case somebody doesn't know who you're referring to: Debian.
>>
>> But that was a case of weak SSH keys, right? It was not vulnerable to
>> sniffing. Just brute-force password cracking, except that the brute
>> wasn't so brute, but a marshmallow.
>>
>> i.e. the PROTOCOL wasn't flawed. Just the random number generator used
>> to generate unique keys.
>
> Correct.

Gee, that is a desperate hair split. The protocol, like many, was weak
and vulnerable if it was implemented incorrectly. The GFC and S&P anyone?