From owner-freebsd-security  Wed Mar 20  7:53: 8 2002
Delivered-To: freebsd-security@freebsd.org
Received: from spitfire.velocet.net (spitfire.velocet.net [216.138.223.227])
	by hub.freebsd.org (Postfix) with ESMTP id 8573A37B400
	for <security@FreeBSD.ORG>; Wed, 20 Mar 2002 07:53:02 -0800 (PST)
Received: from office.tor.velocet.net (trooper.velocet.net [216.138.242.2])
	by spitfire.velocet.net (Postfix) with ESMTP
	id 8D98EFB458A; Wed, 20 Mar 2002 10:53:01 -0500 (EST)
Received: (from dgilbert@localhost)
	by office.tor.velocet.net (8.11.6/8.9.3) id g2KFqvt90525;
	Wed, 20 Mar 2002 10:52:57 -0500 (EST)
	(envelope-from dgilbert)
From: David Gilbert <dgilbert@velocet.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15512.45145.604882.548449@trooper.velocet.net>
Date: Wed, 20 Mar 2002 10:52:57 -0500
To: Chris Johnson <cjohnson@palomine.net>
Cc: Mitch Collinsworth <mitch@ccmr.cornell.edu>, security@FreeBSD.ORG
Subject: [security] Re: Safe SSH logins from public, untrusted Windows computers
In-Reply-To: <20020319151512.E43336@palomine.net>
References: <20020319144538.A42969@palomine.net>
	<Pine.LNX.4.44.0203191505380.1138-100000@ruby.ccmr.cornell.edu>
	<20020319151512.E43336@palomine.net>
X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>>>>> "Chris" == Chris Johnson <cjohnson@palomine.net> writes:

Chris> I've travelled with a laptop for years, and that's what I
Chris> usually use. But the hotels I stay in are in all parts of the
Chris> world, and while we take cheap local phone access for granted
Chris> in the U.S., in many countries it's exorbitantly expensive (the
Chris> hotels charge a lot for it anyway). And ISPs that have
Chris> world-wide dialup access charge by the minute. So Internet
Chris> cafes and hotel business centers are frequently the most
Chris> economical way of connecting to the Internet.

You'd probably find that all those hotels are using some form of
ethernet to connect their machine.  If they're on a single dialup per
machine, you can hack the windoze password and then use it.  Simply
connect the network connection to your laptop when you sit down.

You can't to trusted work on an untrusted machine.  This is the
problem that the music/content industry is facing.  There are things
you can do that surf the law of averages --- like using s/key.  The
argument there is that what you're doing is unusual enough that the
hacker will pick on easier prey.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message