[TriLUG] ssh question

Brian Gerard via TriLUG trilug at trilug.org
Mon Oct 24 12:19:47 EDT 2016


I won't harp on this since it's really not the main point of the discussion,
but I do feel that I should at least put this out there.

In the past month, there have been two titanic DDoS attacks[1][2] carried out
by actors using massive botnets consisting almost exclusively of IoT devices.
One of the primary methods they used to grow those botnets was finding
devices with default credentials.  In many (most?) cases, these were things
like connected security cameras and DVRs and the like with thoroughly broken
security that cannot be fixed by the end user.  Your Pi can be, and I would
recommend doing so.  You don't have to harden it to the nth degree or anything,
but even changing default passwords can raise the bar sufficiently to prevent
your Pi from becoming an unwitting participant in the next attack.
</Soapbox>  ;)

HTH-
Brian

[1] https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
[2] https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

On 10/24/2016 12:08 PM, Grawburg via TriLUG wrote:
> Here's why security is not an issue.
> 1. The remote Pi (2 floors below) will be accessed for less than 10 minutes and then only a couple of times a month.
> 2. There is no data anyone would want to view or steal even if they could get into the network.
> 3. If we've not had anyone hack into our network since I've been here (8 years) I don't think they're going to.
> 
> Brian
> 
> -----Original Message-----
> From: "Robert Dale" <robdale at gmail.com>
> To: "Grawburg" <grawburg at myglnc.com>, "Triangle Linux Users Group General Discussion" <trilug at trilug.org>
> Date: 10/24/16 11:54 AM
> Subject: Re: [TriLUG] ssh question
> 
> It's this mindset which is why IoT are being taken over in droves. If it's on any network, especially if it can reach internet, be reached from internet, or is wireless, security MUST be a consideration.
>  
> On Mon, Oct 24, 2016 at 11:31 AM, Grawburg via TriLUG <trilug at trilug.org> wrote:
> I have a small project that requires me to log into a Raspberry Pi a few floors away using ssh. Security is NOT a consideration in any way, shape, or form.
> The Pi uses the default password, raspberry - I have no need to change it.
> The script I will write is going on another Pi that one other person will use to start an application on the remote Pi. (That Pi will run PiPresents to start a presentation on a large monitor.)
> I can't seem to find an easy way to get the script to automatically supply the password.  Of course, it's no big thing for the guy to remember what the password is, but I want to make the script all-encompassing so it will change to the correct directory and then start the program rather than needing to have two scripts.
> 
> Thanks,
> Brian Grawburg
> Wilson
> 
> --
> [This was sent from a PC running Debian 7, 64-bit Linux. No Microsoft products were used.]
> 
> --
> Robert Dale
>  
>  
> 
> 


