[arm-allstar] General Internet Security --was: General Observation

Pierre Martel petem001 at gmail.com
Wed May 17 17:26:26 EST 2017


the original post was about a node that git compromised and started mining
bitcoin. So it had nothing to do with windows.

It is a good subject to talk about. after all, windows security and linux
security is not the same at all.
One other thing. there has been a massive DOS attack done with IOT device
that were not properly setup security wise.
The RPI is one of the IOT device that was part of the attack. many RPI
still have PI and raspberry as there unique login. And raspberry is still
the password for sudo. So it is like giving the key to the OS to anyone.
just have to design a nice port scanner that try every ip on port 22 and
that try to log with the RPI default password and you can find thousand of
RPI open to you.

security by obscurcion (using a different port) do works. but up to a
point. you still need to have a nice password and change all the user
password on already made distro like acid or dial to be on the safe side.
so yes it is a bit scary but people have to learn to use there device
properly. It was the same thing with win2k and the administrator login that
had no password back in 2000. Windows now prevent the use of administrator
and guest to there machine. we need to learn faster then they did back in
Richmond at the MS head office.

Pierre
VE2PF



Le mer. 17 mai 2017 à 17:49, "Doug Crompton via arm-allstar" <
arm-allstar at hamvoip.org> a écrit :

> ​I just want to make it clear since some who don't understand any of this
> may get alarmed about what is being discussed here that Allstar when used
> in a normal manner with good passwords is a safe system. No you don't have
> to add non root users and use sudo. Allstar has run the way it is for over
> 10 years and certainly there have been security enhancements over that time
> and very few issues. Those that have occurred I am sure involved people
> doing things beyond the normal and/or using poor passwords. As Dave said we
> keep up with security issues. It is good to discuss these things but this
> is not an internet security forum and when we get off on tangents that go
> on and on and really don't directly have anything to do with Allstar people
> tend to drop off the list unnecessarily. The recent and never ending
> Windows security issues that probably brought this up initially  have
> nothing to do with Linux or Allstar and in fact if more people used Linux
> as their normal operating system the world would have a lot less computer
> problems.
>> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org


More information about the arm-allstar mailing list