Date: Sun, 29 Jul 2001 23:29:22 -0400 From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net> To: Ted Mittelstaedt <tedm@toybox.placo.com>, freebsd-questions@FreeBSD.org Subject: Re: URGENT - Seems like i've been hacked... what to do now? Message-ID: <20010729232922.A7149@acadia.ne.mediaone.net> In-Reply-To: <003001c117f7$b619f540$1401a8c0@tedm.placo.com> References: <20010728142816.A29383@acadia.ne.mediaone.net> <003001c117f7$b619f540$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/28/01 11:28 PM, Ted Mittelstaedt sat at the `puter and typed: > > Whoah, baby, Whoah!!! > > Do not fall for the idea that just because sshd has something to do with > encryption that it is in any way "secure" > > sshd has just as much potential for being hacked into as telnetd. If you > don't believe me then ask SSH corporation - they just announced a > vulnerability in their latest implementation of sshd. > > Remember - all programs are insecure. The only difference is whether or > not their vulnerabilities have been discovered yet. If you really want > a totally secure computer then turn it off!!! > > Ted Mittelstaedt tedm@toybox.placo.com > Author of: The FreeBSD Corporate Networker's Guide > Book website: http://www.freebsd-corp-net-guide.com > I stand corrected. I should really be more careful of my use of the word 'secure'. That is how I should have put it in my previous message, with quotes, as well as a qualifier of my use of the word. Anyway, I apologise if I have mislead anyone into a false sense of security. Here is my take: I feel safer executing commands and passing sensitive data like passwords over a 'secure' connection. These connections are encrypted and 'typically' much more difficult to eavesdrop on once they are established. Of course, for my situation, this is typically good enough. I know there is nothing of any use to anyone else, and I am relatively sure that even if someone were to crack into my system, they would find, not the equivalent of Fort Knox, but a pretty much barren wasteland. The only use anyone would have of my system is as a jumping off point to hack another system or as a multi-homed DOS attack. And I am sure there are plenty of other systems out there that are much easier targets. Sounds cold, but I see it as a case of "I don't have to outrun the bear, I just have to outrun the other guy". The bear will usually take the easier target, and there are plenty of them out there. If it is just a trophy hunter, who simply wants to hack it because it _is_ a more difficult target, why not hit a more visible target, like the IRS? They were hacked recently, weren't they? Ah, well. I could be flirtin' with disaster here, but . . . Thanks for the correction Ted :) -- Louis LeBlanc leblanc@acadia.ne.mediaone.net Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://acadia.ne.mediaone.net ԿԬ brain, n: The apparatus with which we think that we think. -- Ambrose Bierce, "The Devil's Dictionary" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010729232922.A7149>