[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssh - How widely used?
Jonathan Corbet writes:
[stuff about SSH deleted]
> When my local ISP found a password sniffer running on his machine and went
> into red alert, I just smiled and didn't bother to change my passwords on
> hosts I had logged into via the ISP's net.
You probably should. There's more places to 'sniff' information than
just from the network. An example is the Streams-based tty snooper.
It pushes a Streams module between the tty and the shell.
No encryption program can protect that, as it has to be in
the clear unless you can do RC4 in your head. :-)
The program I'm thinking of (sorry I forgot the name) lets the operator
both read and write to any tty session on the machine.
--
Eric Murray [email protected] [email protected] http://www.lne.com/ericm
If you don't see the fnords, they won't eat your packets. If you do see the
fnords, they will eat your packets, so you won't see them.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF