
Re: [ProgSoc] https:// a security risk?



On Sun, 18 Feb 2001, Christian Kent wrote:

<snip>
> Same with SSH, but I guess that's down to ignorance.  So is it also

Are you kidding about SSH? SSH is a huge risk when you can't trust your
users (which seems often):

1. You can't state inspect an encrypted session, so you're letting any TCP
22 out.
2. The protocol allows port forwardings in either direction, exposing any
internal resources the user can access.


Don't get me wrong, SSH has its uses, but it's certainly not a protocol
that makes sense in any sort of "default allow" situation.

--chris.

<snip>
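For SSH servers you administer yourself, the port-forwarding exposure in point 2 can be checked from the server configuration. The following is an added example, not part of the original post: it assumes OpenSSH's `sshd_config` keywords and documented defaults, audits only the global section, and runs on constructed sample configs.

```python
# Added example: report which forwarding directions an sshd_config permits globally.
# Assumption: OpenSSH keyword names and defaults (AllowTcpForwarding yes,
# GatewayPorts no, PermitTunnel no). Sample configs below are constructed.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no", "permittunnel": "no"}

def effective_global(config_text):
    """Effective global settings: first occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":
            break                             # conditional blocks are not audited here
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().lower()
    return {**DEFAULTS, **seen}

def audit_forwarding(config_text):
    """Map each forwarding direction to whether the global config allows it."""
    cfg = effective_global(config_text)
    tcp = cfg["allowtcpforwarding"]
    remote = tcp in ("yes", "all", "remote")
    return {
        # -L: client reaches hosts that the server can reach
        "local": tcp in ("yes", "all", "local"),
        # -R: listener on the server reaches hosts on the client's side
        "remote": remote,
        # remote-forwarded listeners may bind beyond loopback
        "remote_nonloopback": remote and cfg["gatewayports"] != "no",
        # layer 2/3 tunnelling over tun devices
        "tunnel": cfg["permittunnel"] != "no",
    }

SAMPLE_UNSET = "Port 22\n# AllowTcpForwarding no\n"          # constructed
SAMPLE_LOCKED = "AllowTcpForwarding no\nPermitTunnel no\n"   # constructed
SAMPLE_MIXED = ("AllowTcpForwarding remote\nGatewayPorts clientspecified\n"
                "AllowTcpForwarding no\nMatch User admin\n  PermitTunnel yes\n")

if __name__ == "__main__":
    for name in ("SAMPLE_UNSET", "SAMPLE_LOCKED", "SAMPLE_MIXED"):
        print(name, audit_forwarding(globals()[name]))
```

A config that never mentions forwarding reports both directions as allowed, because that is the default; `Match` blocks can re-enable forwarding for specific users and need a separate review.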
