Joe Landman <land...@scalableinformatics.com> writes:

> I won't fisk this, other than to note most of the exploits we have
> cleaned up for our customers, have been windows based attack vectors.
> Contrary to the implication here, the ssh-key attack vector, while a
> risk, isn't nearly as dangerous as others, in active use, out there.

I'm really hoping you aren't accusing me of security theatre.

This may be a case of differences between user communities - while I
have seen one or maybe two cases where windows-related attacks were
involved, I have seen dozens and dozens of cases where ssh key theft
was involved. I have a blacklist of literally hundreds of stolen ssh
keys from a very large number of sites, and I dearly miss a key
revocation mechanism in ssh.

We try to educate our users to use either a good strong password or to
use ssh keys together with the ssh agent and agent forwarding, so that
the private key never needs to leave the user's personal workstation.

> Fake security, aka security theatre (c.f.
> http://en.wikipedia.org/wiki/Security_theater ) are things you get
> when people want to seem like they are doing something, even if the
> thing doesn't help, or worse, gives you a false sense of security. See
> every anti-virus/anti-phishing package out there for windows. If you
> think you are safe because you are running them, you are sadly
> mistaken.

And on our side of the fence, we get things like Trusted IRIX, with a
really elaborate, checkbox-compliant permissions system. Of course,
since it was built on IRIX, any serious attacker would cut through it
like a hot knife through molten butter, but there obviously wasn't a
checkbox for that.

-- 
                               / Swedish National Infrastructure for Computing
Leif Nixon - Security officer <  National Supercomputer Centre
                               \ Nordic Data Grid Facility

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
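
The blacklist of stolen keys mentioned in the message above can be applied by auditing authorized_keys files against it. The following is an added example, not part of the original post and not the poster's tooling; it assumes the blacklist is a set of SHA256 public-key fingerprints, and the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 public key blob, in OpenSSH's notation."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment), or None for blank/comment/unparsable lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # A line may begin with an options field (from="...",command="..."), so
    # scan for the key-type token instead of assuming it is the first field.
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:
            return tok, fields[i + 1], " ".join(fields[i + 2:])
    return None

def find_revoked(authorized_keys_text, blacklist):
    """Return (line_number, key_type, fingerprint, comment) for blacklisted keys."""
    hits = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        key_type, blob, comment = parsed
        try:
            fp = fingerprint(blob)
        except ValueError:  # malformed base64; sshd would not accept it either
            continue
        if fp in blacklist:
            hits.append((lineno, key_type, fp, comment))
    return hits

def _blob(key_type, key_bytes):
    """Build a constructed (not real) key blob in SSH wire format."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(key_bytes)) + key_bytes
    return base64.b64encode(raw).decode()

# Constructed sample data: one clean key, one blacklisted key behind options, one bad line.
STOLEN, CLEAN = _blob("ssh-ed25519", b"\x01" * 32), _blob("ssh-ed25519", b"\x02" * 32)
SAMPLE = ("# constructed authorized_keys\n"
          f"ssh-ed25519 {CLEAN} alice@laptop\n"
          f'from="10.0.0.0/8",command="/usr/bin/rsync --server" ssh-ed25519 {STOLEN} backup@old-site\n'
          "ssh-ed25519 not*base64 broken\n")
BLACKLIST = {fingerprint(STOLEN)}
```

Matching on the fingerprint of the decoded blob rather than on the text of the line means a changed comment or an added options prefix does not hide a blacklisted key.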