GnuPG in universities

Pedro Diaz Jimenez pdiaz88@terra.es
Mon Jun 11 23:17:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 11 June 2001 07:36, Werner Koch wrote:

> || On Mon, 11 Jun 2001 00:06:58 +0000
> || Pedro Diaz Jimenez <pdiaz88@terra.es> wrote:
>
> pdj> anyway?. And for the sniffing stuff, I never use something less secure than
> pdj> ssh (more secure, for me, is typing at the machine keyboard)
>
> This is the most important thing to consider when you use a random
> box located somewhere on the campus. Expect that everything you type
> on this box is logged. Even an inexperienced cracker can insert a
> keystroke recorder into the keyboard cable - you won't notice that and
> it is a matter of seconds to install it. The most common method
> however is to trojan the login program and then later log everything
> you type. This is an everyday attack and not some esoteric hack.
>
I was talking about sniffing passwords. The reason that makes me worry the most is some script kiddie who owns a box someplace in my university sniffing passwords. Someone owning my server is more unlikely (*don't misinterpret this*). I mean, the longest time without a security check on the machine is around 10 hours.

> I know that a lot of folks use such boxes to read email and to login
> to other machines. Often they use SSH to login to other machines
> using a password which is the same they use to get their mail by POP
> (without APOP) - this makes it even easier for an attacker because he
> only needs to sniff on the network and can spy on dozens of users at
> the same time.
>
No plain passwords on my server, thanks. That's a strict policy for using it.

> The upshot is that SSH is only secure if you know what you are doing.
>
> Ciao,
>
> Werner

Anyway, your arguments make a lot of sense to me. Knowing what you are doing is always important, even more when having that cute '#' sign on the prompt

- -- 
/*
 * Pedro Diaz Jimenez
 * pdiaz88@terra.es
 * pdiaz@acm.asoc.fi.upm.es
 *
 * Wanna see how 100000! looks like?:
 * http://acm.asoc.fi.upm.es/~pdiaz/fact_100.000
 *
 * Wisdom pursues me, but I am faster
 *
 * "Martial arts are part of a philosophy;
 * they should not be considered a weapon. And so,
 * remember: there is nothing like a good revolver"
 * Les Luthiers, Iniciacion a las Artes Marciales
 *
 */

Random quote:
- -------------
Dr. Zoidberg: "Talk to the claw."
Bender: "Bite my colossal metal ass."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7JVD+nu53feEYxlERAkAPAJ9qZxN8UX5tq6NaBzcqdRxkvEgJnQCg2sug
R3YxDof7hx2mClZ8LydF934=
=GekF
-----END PGP SIGNATURE-----