Wireless insecurity at NANOG meetings

William Allen Simpson wsimpson at greendragon.com
Sun Sep 22 22:46:15 UTC 2002


"John M. Brown" wrote:
> 
> On Sun, Sep 22, 2002 at 04:49:08AM -0700, Randy Bush wrote:
> >
> > a prudent user does not ssh _from_ a machine they don't control or
> 
> prudent users don't get hacked.  non-prudent users hopefully learn
> or darwin happens.

Ahem!  I'm usually considered a prudent user (once upon a time, I was 
the _only_ person using IPSec at an IETF meeting, having written it myself, and communicating with just about the earliest commercial 
implementation by Morningstar).  ADmittedly, that was from my own 
laptop, and I've never understood why we had public machines.....

However, I've had machines taken over this past summer through the 
OpenSSH hole.  A couple of years back, I had a router taken over through 
a Cisco hole.

You're only as good as your software.  And we all rely on each other. 

That's worth remembering: the Internet still relies on cooperation, 
between the vendors, and between the operators!  

Meanwhile, I think Randy and John are both moving in the right direction
and I'm sure we'll all call Merit tomorrow to ask what in the world they 
are thinking....
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32



More information about the NANOG mailing list