I'll skip that honor.   I am aware of things like SSH brute force attacks (I do have a iptables throttle on that that limits attempts to a couple of tries), but I make no claim to really know the ins and outs of SSH. So, you are basically saying there is NO secure way to ever connect to a machine remotely? That's rather depressing. So it's more of a hope that someone who knows what they are doing will never target you specifically.

Phil W.


On Sat, Apr 20, 2013 at 1:32 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:

Your key is as sècure as the version of SSL/SSH.  Îf you lèave password SSH login via. Pam.d ènabled, you will be targeted by more than DefCon's hackers!  The mere fact that you have SSH turned ôn indicàtes you do not understand the risks.  Your passwords most probably fail to be adequately complex?  What's your router IP; we will make you a flag at the next hackfest?

On Apr 19, 2013 11:52 PM, "Phil Waclawski" <phil.waclawski@mesacc.edu> wrote:
Well, I'm attending it in the hopes of learning about how some of these attacks work, and how to defend against them. Helps me teach my students better practices (and myself as well).

To be honest, I had planned on having an old laptop with a brand new kubuntu install on it (no data I care about) and just doing some blender work and note taking offline, and never connecting it to a network while at the convention.

However, I'm curious, if I set up an ssh tunnel to a server I've already established a Key system with, wouldn't ssh throw up a huge warning from a man in the middle attack not having the right "handshake"? At that point I'd only be hosed if I was dumb enough to say "connect anyway"?.

Phil W.


On Fri, Apr 19, 2013 at 10:30 PM, der.hans <PLUGd@lufthans.com> wrote:
Am 19. Apr, 2013 schwätzte Alan Dayley so:

moin moin Alan,


Why in the world would anyone actually attend a conference where you KNOW
people are going to attack your electronics and data? Erasing everyone's

It's in the city where people pay to let someone steal from them, so it
fits the theme.

http://www.newyorker.com/online/blogs/culture/2013/01/video-the-art-of-pickpocketing.html


credit cards? For the lulz, I guess. It sounds like a bunch of very smart
trolls getting together to see who can out-troll who. I would just
be collateral damage in such a group. I guess it's an effective way to keep
the non-trolls and newbies out of the "defcon club." Or maybe it is a from
of hazing.

And, if I HAD to go, cash, pen and paper is all I would bring.

Make sure to keep them somewhere safe ;-).

ciao,

der.hans
--
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  Like the maid, I don't do (M$)Windows. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss