Re: Wireless insecurity at NANOG meetings
In message <006a01c2630a$19725020$ab876540@amer.cisco.com>, "Stephen Sprunk" writes:
> I can't say without a sniffer, but I'd bet that most NANOG participants are doing the same: SSH or IPsec VPN's back to home (wherever that is).

Experience doesn't support this, I fear. How many passwords were captured last time?

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)

On 07:19 AM 9/23/02, Steven M. Bellovin wrote:
>> I can't say without a sniffer, but I'd bet that most NANOG participants are doing the same: SSH or IPsec VPN's back to home (wherever that is).
> Experience doesn't support this, I fear. How many passwords were captured last time?

Passwords to *what*? Not all passwords need to be kept secret. When I log in to read slashdot, I don't much care if someone sniffs the username and password. Just because a password was captured doesn't mean that knowing the username/password gives you access to anything special.

Going back to that lock and door analogy, it's like when you have a latch on the front gate. It's there to keep the gate from swinging in the breeze, to keep dogs and kids who are playing on the street from aimlessly wandering into your front garden, etc. It's no big deal if other people can figure out how to work the latch and get into my yard.

There are some things I keep behind latched gates. Other things are kept behind a locked door with a simple doorknob lock (easily picked or forced). Other things are behind a door with a deadbolt lock. Other things are behind a combination padlock. Some things are in a safety deposit box in the bank vault.

We don't need to keep all valuable things in the safety deposit box, and we don't need to lock down the WLAN at NANOG as if it were access to a bank's intranet.

jc

participants (2)
- JC Dill
- Steven M. Bellovin