On Thu, 04 Dec 2003 12:40:42 +0800, csj wrote: > On 3. December 2003 at 5:52PM -0800, > Vineet Kumar <[EMAIL PROTECTED]> wrote: > >> * Monique Y. Herman ([EMAIL PROTECTED]) [031203 16:59]: >> > I have been wondering about the password-sniffing thing, too. >> > If you send a password using ssh, isn't it encrypted? >> > >> > I suppose some debian developer's kid sister could have >> > installed a keystroke logger on the dev machine ... um ... >> >> Almost there -- minus the assumption that one needs physical >> access to a machine to install a keystroke logger. At the risk >> of perpetuating the telephone game, I recall reading that the >> developer's machine had been rooted. I didn't hear how, but I >> don't really see how it matters. I picture an always-on >> machine in someone's home on a DSL or cable line. > > Now I'm curious: is it possible to get rooted while on dialup? > I'm thinking of a user with access to a slow but dirt cheap > dialup connection and so is online for significant stretches, > say, eight hours. This also assumes that no trojans or similar > have been installed on the user's system. > > [...]
I use dialup (no option out in the sticks of Central Florida, even my modem has a little wooden handle you have to crank to get the operator to connect you). I have all services locked down to localhost; my only connections to the outside world are mail, news via nntpcached, web via squid... I run Apache but it too is locked down to localhost. My mail is run through my ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd be getting like 10 Svens per day). I do see, from time to time, Apache refusing connections attempts which are generally attacks by Windoze worms. -- ....................paul "The number of UNIX installations has grown to 10, with more expected." (The UNIX Programmer's Manual, 2nd Edition, June 1972) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
