"John M. Brown" wrote:
On Sun, Sep 22, 2002 at 04:49:08AM -0700, Randy Bush wrote:
a prudent user does not ssh _from_ a machine they don't control or
prudent users don't get hacked. non-prudent users hopefully learn or darwin happens.
Ahem! I'm usually considered a prudent user (once upon a time, I was the _only_ person using IPSec at an IETF meeting, having written it myself, and communicating with just about the earliest commercial implementation by Morningstar). ADmittedly, that was from my own laptop, and I've never understood why we had public machines..... However, I've had machines taken over this past summer through the OpenSSH hole. A couple of years back, I had a router taken over through a Cisco hole. You're only as good as your software. And we all rely on each other. That's worth remembering: the Internet still relies on cooperation, between the vendors, and between the operators! Meanwhile, I think Randy and John are both moving in the right direction and I'm sure we'll all call Merit tomorrow to ask what in the world they are thinking.... -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32