Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Re: Why Install Telnet by Default?
  • From: Allen <gorebofh@xxxxxxxxxxx>
  • Date: Fri, 9 Dec 2005 14:02:28 -0500
  • Message-id: <20051209190228.GA32735@xxxxxxxxxxxxxxxxxxxxxx>
On Fri, Dec 09, 2005 at 09:19:29AM +0800, John Summerfield wrote:
> Randall R Schulz wrote:
> > John,
> >
> > On Thursday 08 December 2005 16:39, John Summerfield wrote:
> >> ...
> >>
> >>>> I use ssh rather than telnet, rsh, rexec etc because it's more
> >>>> convenient. Mostly, I control the wire or go through a vpn I
> >>>> control.
> >>> That depends, I guess, on how you define convenience. I know of
> >>> nothing about configuring or using SSH-based services that is more
> >>> convenient than using plain old (non-secure) telnet. (Even if
> >>> SSH-based services are taken out of the picture entirely, I still
> >>> have to type several passwords many times each day, so keyed access
> >>> isn't going to make my life much more convenient.)
> >> Using ssh, I can arrange for secure passwordless authentication.
> >> That's a great convenience I could never achieve with telnet, though
> >> I did sort of fudge it with an expect script.
> >
> > I'm surprised so many very security-conscious people think that
> > passwordless is such a good thing. Now you've made physical access to
> > your computer all that is required to gain access to all the other
> > hosts for which you've set up passwordless access. What's more, from
> > the perspective of the administrators of those systems, it's you who
> > has accessed their resources and you'll get the blame, at least
> > initially, for any malicious actions.
>
> Physical access involves electronic security (locks and monitored
> alarms), mechanical keylocks and having your photo taken while on the
> job. Once you have physical access, passwords are moot.


Oh man, the number of hospitals I've been able to walk around in through
their IT staff saying I'm a consultant or something. Quite easy to defeat
all of that. I mean, what are you going to do, take out the floppy drive? And
the CD drive? LOL. Anything you can do can be taken apart or picked.

> Or detailed knowledge. Our data has little commercial value; if you want
> a site to cause mayhem to the internet, there are easier pickings. Half a
> dozen unsecured wireless APs where I live for starters.


