| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201110042123.11017.rjw@sisk.pl> Date: Tue, 4 Oct 2011 21:23:10 +0200 From: "Rafael J. Wysocki" <rjw@...k.pl> To: "H. Peter Anvin" <hpa@...or.com> Cc: "Ted Ts'o" <tytso@....edu>, Josh Triplett <josh@...htriplett.org>, linux-kernel@...r.kernel.org, Jiri Kosina <jkosina@...e.cz> Subject: Re: kernel.org status: establishing a PGP web of trust On Tuesday, October 04, 2011, H. Peter Anvin wrote: > On 10/03/2011 09:49 PM, Ted Ts'o wrote: > > > > Note that if your laptop allows incoming ssh connections, and you > > logged into master.kernel.org with ssh forwarding enabled, your laptop > > may not be safe. So be very, very careful before you assume that your > > laptop is safe. At least one kernel developer, after he got past the > > belief, "surely I could have never had my machine be compromised", > > looked carefully and found rootkits on his machines. > > > > - Ted > > By the way, I'm now pretty convinced that allowing inbound ssh on > laptops (which is the default on all the mainline Linux distros as far > as I know) is seriously broken... laptops get connected to *extremely* > insecure networks on just way too regular a basis. That's very true. I'd recommend everyone to run a full nmap scan of his/her laptop and to block everything it finds open before using it outside of the home network. Thanks, Rafael -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists