From: Joe Pfeiffer on
terryc <newsninespam-spam(a)woa.com.au> writes:

> On Tue, 01 Jun 2010 07:46:50 -0600, Joe Pfeiffer wrote:
>
>> Maxwell Lol <nospam(a)com.invalid> writes:
>>
>>> Joe Pfeiffer <pfeiffer(a)cs.nmsu.edu> writes:
>>>
>>>> terryc <newsninespam-spam(a)woa.com.au> writes:
>>>>
>>>>> On Mon, 31 May 2010 12:53:06 -0400, Roy Smith wrote:
>>>>>
>>>>>> In article <slrni07k41.ecr.news(a)jonsolberg.se>,
>>>>>> Jon Solberg <news(a)jonsolberg.nospam.se> wrote:
>>>>>>
>>>>>>> historically there have existed buggy implementations of SSH
>>>>>>> susceptible to password sniffing and some of these are still
>>>>>>> around. Although running against a reasonably modern client-server
>>>>>>> pair (SSH v.2) should be safe, keys are still a good thing.
>>>>>>
>>>>>> To expand on Jon's statement, note that to find a pre-v.2
>>>>>> implementation, you need to set the controls on the way-back machine
>>>>>> to something like 15 years ago.
>>>>>
>>>>> Blink, less than five years ago. One of the bigger Linux distros and
>>>>> all derivatives had it.
>>>>
>>>> Just in case somebody doesn't know who you're referring to: Debian.
>>>
>>>
>>> But that was a case of weak ssh keys, right? It was not vulnerable to
>>> sniffing. Just brute force password cracking, except that the brute
>>> wasn't so brute - but a marshmallow.
>>>
>>> i.e. the PROTOCOL wasn't flawed. Just the random number generator used
>>> to generate unique keys.
>> Correct.
>
> Gee, that is a desperate hair split. The protocol, like many, was weak
> and vulnerable, if it was implemented incorrectly. The GFC and S&P anyone?
>

Well.... it didn't make it vulnerable to password sniffing, which was
the original thesis (a fact I missed when mentioning it was Debian). It
made it vulnerable to a different attack.

But I think it's a safe statement that *any* protocol, implemented
sufficiently badly in the right way, would be vulnerable to any
particular attack you care to name.
--
As we enjoy great advantages from the inventions of others, we should
be glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously. (Benjamin Franklin)

From: Maxwell Lol on
terryc <newsninespam-spam(a)woa.com.au> writes:

> Gee, that is a desperate hair split. The protocol, like many, was weak
> and vulnerable, if it was implemented incorrectly. The GFC and S&P anyone?


It is not splitting hairs.

Criticizing the protocol designers for something they did not do is
simply wrong and unfair to them.

And to be precise, according to RFC4252, they are
Tatu Ylonen
Tero Kivinen
Timo J. Rinne
Sami Lehtinen (all of SSH Communications Security Corp),
and Markku-Juhani O. Saarinen (University of Jyvaskyla).