Overconfidence in SSH Protection

Posted by Zonk
from the don't-be-too-proud-of-this-technological-terror dept.
nitsudima writes to mention a post on the Informit site about the common misunderstandings surrounding SSH, and how well-intentioned admins may be creating holes in their own security by using it. From the article: "In UNIX, all things are files. To send network traffic, UNIX writes the traffic to the network device file. In this case, the connection to Box A (and that private key used for authentication) is a socket file. This file will shuttle the authentication traffic between Box A and Box P. So what's the risk? Maybe the hacker can't get a copy of the private key through the socket file, but something better (from his/her view) can be done. If the hacker has root on Box D, he or she can point a private copy of the agent forwarding software to that socket file and thereby point the authentication process to the administrator's credentials--the ones kept on the 'safe' intranet. What are the chances that the administrator has configured access to all the DMZ servers he controls?"
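A defender-side check for the agent-forwarding exposure the quoted article describes, as an added example that is not part of the original story or the linked article: it evaluates an OpenSSH client config the way `ssh` resolves `ForwardAgent` (first obtained value wins, `Host` patterns with `!` negation) and lists the hosts that would receive a forwarded agent. The host names and sample config are constructed; `Match` blocks and `Include` files are not evaluated, and `fnmatch` is used as an approximation of ssh's `*`/`?` wildcards.

```python
import fnmatch
import re

# Constructed sample ~/.ssh/config; host names are made up for illustration.
SAMPLE_CONFIG = """\
Host bastion.example.net
    ForwardAgent no

Host *.dmz.example.net !web3.dmz.example.net
    ForwardAgent yes

Host *
    ForwardAgent no
"""

def _host_matches(patterns, hostname):
    """ssh_config Host rule: at least one positive match and no negated match."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            positive = True
    return positive

def effective_forward_agent(config_text, hostname):
    """Return the ForwardAgent value ssh would use (first obtained value wins)."""
    applies = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            applies = _host_matches(value.split(), hostname)
        elif key == "match":
            applies = False  # Match blocks are not evaluated in this sketch
        elif key == "forwardagent" and applies:
            return value.strip('"')
    return "no"  # OpenSSH default

def hosts_exposing_agent(config_text, hostnames):
    """Hosts whose effective setting is anything but 'no' (yes, socket path, $VAR)."""
    return [h for h in hostnames
            if effective_forward_agent(config_text, h).lower() != "no"]
```

Run `hosts_exposing_agent` over the list of servers an administrator actually connects to; every host it returns is one where root on that host can reach the forwarded agent socket for the life of the session.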
This discussion has been archived. No new comments can be posted.

  • by louzerr (97449) <Mr@Pete@Nelson.gmail@com> on Saturday May 27, 2006 @08:23AM (#15415397) Homepage
    ... and your e-mail administrator can read your e-mail ...
    ... and your network administrator can see what web sites you're visiting ...
    ... and your ISP can watch your internet traffic ...
    ... and the NSA can listen to your phone ...

    So, the real trick is just to live a life so boring none of these people will care to spy on you. Not all that hard, really. Considering you're on /. - you're probably doing okay.
