[CentOS] Another security question

Anne Wilson cannewilson at googlemail.com
Wed Dec 24 17:24:54 UTC 2008


On Wednesday 24 December 2008 17:06:48 Les Mikesell wrote:
> Anne Wilson wrote:
> >> Typically SSL secured sites will at least keep your login credentials
> >> safe. However, someone can still see where you're going by sniffing your
> >> traffic.
> >
> > That's not too much of a concern, if they can't read the actual packets.
> >
> >> If you're very concerned, setup an OpenVPN tunnel that routes all of
> >> your traffic through it. Then, the only thing they'll see from the start
> >> is an SSL connection to somewhere, and that's it.
> >
> > That's probably the next step, then, but it sounds as though I needn't
> > worry too much.  Thanks for answering
>
> Your main worry on an open network is that someone would hack into your
> system via ssh password-guessing or some remote vulnerability.  Wireless
>   doesn't change this much except that there can be people you don't
> expect connected with no additional firewall protection.
>
I'm not worried that the passphrase will be guessed, and I'm completely aware 
of social engineering techniques.  Vulnerabilities are something else - but 
keeping my system up to date is a reasonable precaution.  I know that some 
poor soul gets caught on day1 of a vulnerability being known - I've forgotten 
the name for this - but that's just something that I have to accept.  Do all I 
can, then stop worrying.

> If someone gains root access to your system they can log unencrypted
> keystrokes before the web browser encrypts them.

But they have to get in first.  I'm reasonably confident that they won't - 
accepting that no-one can ever be 100% certain.

In the past I have bought time on hotel systems rather than use a laptop on a 
public network for this job, but if you consider that an hotel employee could 
be a security hole, you are really no better off.

Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.centos.org/pipermail/centos/attachments/20081224/53febbef/attachment.bin 


More information about the CentOS mailing list