[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh - How widely used?



Jonathan Corbet writes:
 
[stuff about SSH deleted]

 
> When my local ISP found a password sniffer running on his machine and went
> into red alert, I just smiled and didn't bother to change my passwords on
> hosts I had logged into via the ISP's net.

You probably should.  There's more places to 'sniff' information than
just from the network.  An example is the Streams-based tty snooper.
It pushes a Streams module between the tty and the shell.
No encryption program can protect that, as it has to be in
the clear unless you can do RC4 in your head. :-)

The program I'm thinking of (sorry I forgot the name) lets the operator
both read and write to any tty session on the machine.


-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
If you don't see the fnords, they won't eat your packets.  If you do see the
fnords, they will eat your packets, so you won't see them.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF