GnuPG in universities
Pedro Diaz Jimenez
pdiaz88@terra.es
Mon Jun 11 23:17:01 2001
--------------Boundary-00=_ALGS9WRV95APW0MLO09B
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 11 June 2001 07:36, Werner Koch wrote:
> || On Mon, 11 Jun 2001 00:06:58 +0000
> || Pedro Diaz Jimenez <pdiaz88@terra.es> wrote:
>
> pdj> anyway?. And for the sniffing stuff, I never use something less
> secure than pdj> ssh (more secure, for me, is typing at the machine
> keyboard)
>
> This is the most important thing to consider when you use a random
> box located somewhere on the campus. Expect that everything you type
> on this box is logged. Even an unexperienced cracker can insert a
> keystroke recorder into the keyboard cable - you won't notice that and
> it is a matter of seconds to install it. The most common method
> however is to trojan the login program and then later log everything
> you type. This is an everydays attack and not some esoteric hack.
>
I was talking about sniffing passwords. The reason that makes me worry the
most is some script kiddie who owns a box someplace in my university sniffing
passwords.
Someone owning my server is more unlikely (*don't missinterpret this*). I
mean, the longest time without a security check on the machine is around
10 hours.
> I know that a lot of folks use such boxes to read email and to login
> to other machines. Often they use SSH to login to other machines
> using a password which is the same they use to get their mail by POP
> (without APOP) - this makes it even easier for an attacker because he
> only needs to sniff on the network and can spy on dozens of users at
> the same time.
>
No plain passwords on my server, thanks. thats a strict policy for using it.
> The upshot is that SSH is only secure if you know what you are doing.
>
> Ciao,
>
> Werner
Anyway, your arguments make a lot of sense to me. Knowing what you are doing
is always important, even more when having that cute '#' sign on the prompt
- --
/*
* Pedro Diaz Jimenez
* pdiaz88@terra.es
* pdiaz@acm.asoc.fi.upm.es
*
* Wanna see how 100000! looks like?:
* http://acm.asoc.fi.upm.es/~pdiaz/fact_100.000
*
* La sabiduria me persigue, pero yo soy mas rapido
*
* "Las artes marciales son parte de una filosofía,
* no deben ser consideradas un arma. Y por eso,
* recuerda: No hay nada como un buen revolver"
* Les Luthiers, Iniciacion a las Artes Marciales
*
*/
Random quote:
- -------------
Dr. Zoidberg: "Talk to the claw."
Bender: "Bite my collosal metal ass."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7JVD+nu53feEYxlERAkAPAJ9qZxN8UX5tq6NaBzcqdRxkvEgJnQCg2sug
R3YxDof7hx2mClZ8LydF934=
=GekF
-----END PGP SIGNATURE-----
--------------Boundary-00=_ALGS9WRV95APW0MLO09B
Content-Type: application/pgp-keys;
name="my pgp key"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=public_key.asc
LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tClZlcnNpb246IEdudVBHIHYxLjAu
NCAoR05VL0xpbnV4KQpDb21tZW50OiBGb3IgaW5mbyBzZWUgaHR0cDovL3d3dy5nbnVwZy5vcmcK
Cm1RR2lCRHFjR1pzUkJBREZJYWhOUExrOHN1TWxTMzltOFJxYXRMZ1g0ZE83UFUyRjVwMW9Wdmt5
QjdQYUxRQ3YKRlJFV3dmcmpHcHhBalJueHlaNFRkYUZpMW9DUDQ5NXQ1UjJDZGpQWnUwRWZqc0Vx
b3NkTFhrakRzS2wybjRXbwpBZmI2QmFITUpTNVBBREVJMFFmcFpPa0I4T3J1QVpqYS9vR21uNXJU
aHlqZ0N4V0hVdUsxQXJtZUd3Q2c3KzlhCm93Zzl3UDFSb2hlUEhKU0RCOWQySFlNRC9pN3oxWDRl
ditLOTBMdW1nSndTV2xTY0o3TUVpcDVydzR3cUdPa0sKbEYvQzJuVFlzb1g1Q1ZFbi9wdTdoUk9M
L0JXSVl0QmdrTkRhRWpzVnN5Yis0S2pRWGNaVVc1bDNBRGlwV1l4MgpyOXM0c0ZmZVo5bmZoRGNH
MGFOWVJjQ05rWVNaL1d4VWtYUzhValZFQUVoa0Z1MUJBKzZVWm1lcTNwS3RKWlRSCitIcUtBLzl6
Um1nVG9uMzZ6dDJxZTllaVI2RHlZMEVwR0VJMGlZK0tZWDZHQy93eGl6ZUhCdzBGVzFlT0VveEYK
R2p0eGRCdi9VOXZpN1ZnYXY2YVkrcHI0bGE1cTZqVmFiZTAzWTh5R0RGZUw4ak0rbHF3dzFyenBB
QmlHckYrVwpxZ2U2NXpDVWpMM2pKRTUrNXlpK0tjUnlsbGIxT0E3dVhRVHRzUncrVEdxOUR2YWF6
N1F3VUdWa2NtOGdSR2xoCmVpQkthVzFsYm1WNklDaENMazh1Umk1SUxpa2dQSEJrYVdGNk9EaEFk
R1Z5Y21FdVpYTStpRllFRXhFQ0FCWUYKQWpxY0dac0VDd29FQXdNVkF3SURGZ0lCQWhlQUFBb0pF
Sjd1ZDMzaEdNWlJqMjBBbjJDZTRTL3ZCVHVaRHhuTApXRkJySlJuYzNVZGFBS0RuSVBOUmJ6N3I0
ZGg5QXVCY3BiQ0UxcFEvU0xrQkRRUTZuQm1xRUFRQXI3TzA3RHdzCjV6QWJRdm0xaHdHdGhYS0NI
dElJdVdDUGRYL1hrTkc2WnhWL2NYZ3M0TEk0b0FnM0dodHREMkpJRWsyU29WWEUKRk9mL3dJZGRJ
RHo3MC85bUlaYXZNdnBSMzFMeEJGU0prMFVwM2NhT3ZUaE05MHdNdHRSaTd0ZzdjZjA0cnJNTQpQ
aHk4VDViT0lXL3E1U013WmZmYkpYRDdiQTAvakRMZFE2TUFBd1lELzFlbVN3TlR6T09tTUNaYWRv
RUJwS0lFCkhBMzVQMi9tL1NzQ0krcFEvT0tYS1B2dnJRS1RRcVJDY0RhNWFxMzFvU2lUOU01V1E5
NkJsSUdLSFJQV0dwdm0KMDgyMlY3TTlSRjJtWVpQSWZnS2ZUU3ZacFlIemp6K1JNN1B2QkJpQmM5
bDk1dnk3MFNoN1N5d0lGODZIODBBZwpEMGRVSUR0R2xyU0FOaFhqeDRFSmlFWUVHQkVDQUFZRkFq
cWNHYW9BQ2drUW51NTNmZUVZeGxIZFZBQ2dqVmhVClk4Q0tmNk1ZWmdRT1I5ZUlETnZUWDBBQW4z
ZHdiVzFITHhFRjVPUUtKSXNuZ2wwQlVsWUsKPWQ0UzMKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkg
QkxPQ0stLS0tLQo=
--------------Boundary-00=_ALGS9WRV95APW0MLO09B--