
Re: Debian Investigation Report after Server Compromises



* csj (csj@zapo.net) [031204 08:37]:
> On 3. December 2003 at 5:52PM -0800,
> Vineet Kumar <vineet@doorstop.net> wrote:
> 
> > * Monique Y. Herman (spam@bounceswoosh.org) [031203 16:59]:
> > > I have been wondering about the password-sniffing thing, too.
> > > If you send a password using ssh, isn't it encrypted?
> > > 
> > > I suppose some debian developer's kid sister could have
> > > installed a keystroke logger on the dev machine ... um ...
> > 
> > Almost there -- minus the assumption that one needs physical
> > access to a machine to install a keystroke logger.  At the risk
> > of perpetuating the telephone game, I recall reading that the
> > developer's machine had been rooted.  I didn't hear how, but I
> > don't really see how it matters.  I picture an always-on
> > machine in someone's home on a DSL or cable line.  
> 
> Now I'm curious: is it possible to get rooted while on dialup?

Absolutely.  What about it would make it impossible?

The only reason I mentioned an always-on connection is that it's more
likely, since attackers have more opportunity.  Also, with a dynamic
address on a dial-up, the attacker will have a more difficult time
(though certainly not impossible) doing anything useful (abuseful?) with
your box.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
Microsoft has argued that open source is bad for business, but you
have to ask, "Whose business? Theirs, or yours?"	--Tim O'Reilly
