SSH transitive trust attack
SSH transitive trust attack
Posted Jul 12, 2005 2:02 UTC (Tue) by emkey (guest, #144)In reply to: SSH transitive trust attack by dskoll
Parent article: The coming Web security woes (News.com)
Lets just say that there are still ways around that. And yes, I know of at least one which I won't mention here in public.
Anyone who doesn't authenticate to each and every system they connect to by means of some form of password (preferably a one time password) is very very foolish in my opinion if they don't think they are seriously compromising their security.
Takes me back to the days when sun shipped all their systems with /etc/hosts.equiv files that had nothing but a single plus and users created .rhosts files that included every system they logged into or from.
Posted Jul 14, 2005 12:29 UTC (Thu)
by nix (subscriber, #2304)
[Link] (1 responses)
Posted Jul 14, 2005 13:57 UTC (Thu)
by emkey (guest, #144)
[Link]
SSH transitive trust attack
Lets just say that there are still ways around that. And yes, I know of at least one which I won't mention here in public.
That's more than mildly reminiscent of `the lurkers support me in e-mail'.
(Obviously if a keylogger is running on your machine, your passphrase is toast!)
No, it is very much reminiscent of somebody (me) who doesn't want to give out sensitive information. And thats all I can say alas.SSH transitive trust attack