I expect more from c|net than this type of FUDD article.
Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
Sounds really intriguing, huh? Gets your attention? Maybe even pisses you off a bit? That’s what that headline does for me. Well, headlines do sell, or so they say. Unfortunately, if you actually read the entire article, as I did, you’ll find that there’s not much carne in the stew here, folks. What there is in that article is a lot of spokesperson would not say, declined to disclose, would not say, did not respond to queries, and my favorite, doesn’t recall. Now, does that sound to you like an article with some verified sources?
The article does have a lot of interesting technical baloney thrown in as padding, but the main gist of the article, based on what the headline says, kinda’ misses the mark. You know, if you’re some cheesy part-time blogger, like this Nocturnal Slacker fellow, you can get away with posting tripe like this. Your readers (all 19 of them) will love you for who you are, regardless. However, if you’re a big Internet site with a reputation to uphold, you shouldn’t be posting shit like this on your site. That’s just how I feel about it.
And if you don’t think this article was posted primarily to just stir shit, read the comments posted by the assorted whack-jobs, Obama-haters, tea-baggers, and other miscellaneous Michele Bachmann/Sarah Palin loving wing nuts.
Don’t be thinking that the ol’ Nocturnal Slacker is naive enough to think that BIG Gov is innocent of all charges here. The fact is that I’m very pissed off about the ever deepening intrusions perpetrated by this big, ugly, multi-limbed surveillance state monster. My point in writing this particular article is that if you’re going to be a real media outlet and not just play at being one online, then post articles with some real meat!
Hey, looky… at least one sane individual posted a salient comment to that article:
It’s always “The Feds”, or “The Government”, or “The NSA”, but never a name. Who is the PERSON behind these privacy crushing moves? We should have names…and we should have a press that wants to know. Instead we are shown only what ‘they’ want us to see and we have no real investigative reporters anymore. We need names….
Well, that’s all for now.
Yes, actually. There are ways to harden your ssh implementations that aren’t that difficult.
A simple way to increase your security when using ssh is to use public/private key authentication rather than your remote system’s user passwords to access the device. By using RSA key pairs, you can initialize your remote connection without ever having to expose your remote login’s password to the transfer at all.
I recently reinstalled my Slackware on my main machine (It’s a long story for another time, maybe). One of the things I needed to do was to reestablish my ssh connections between the machines on my local network. I settled in this evening to do just that. I ended up having some laughable issues while attempting to get all my machines talking again. We won’t go there, though.
In the process of troubleshooting my issues with ssh, I ran across Noryungi’s excellent how-to at the Slackware Documentation Project. This place is really shaping up, no thanks to me. I haven’t been too active there because of my other pursuits lately. However, the dedicated folks who contribute there on a regular basis are kicking ass!
Anyway, using this tutorial, I easily set all three of my machines to use RSA public/private key exchange to initiate my ssh connections. I don’t have to sling my user’s passwords around the Ether anymore. Now anyone sniffing packets will only see the public RSA key bouncing around.
Ain’t technology wonderful?
Well, back to studying tomorrow. My Cisco ICND2/CCNA examination is rapidly approaching. Gotta’ go study up on those pesky routing protocols before bedtime.
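Setting up key pairs as described above does not by itself stop sshd from accepting passwords, so a follow-up check on the server config is worth having. The script below is an added example, not from the original post or the Slackware how-to; it assumes OpenSSH's default of yes for the three keywords it checks, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether an sshd_config still accepts password logins
# after public-key logins have been set up.

# effective_value FILE KEYWORDS DEFAULT
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. KEYWORDS may list aliases separated by "|".
# Assumption: only the global section is read (parsing stops at the first
# Match block) and Include directives are not followed.
effective_value() {
    awk -v keys="$2" -v val="$3" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        { sub(/=/, " ") }                      # accept "Keyword=value" too
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) ~ ("^(" tolower(keys) ")$") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: print findings; return 0 only if logins are key-only.
audit_sshd() {
    rc=0
    pk=$(effective_value "$1" 'PubkeyAuthentication' yes)
    pw=$(effective_value "$1" 'PasswordAuthentication' yes)
    ki=$(effective_value "$1" \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk (keys unusable)"; rc=1; }
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$ki" = no ]  || { echo "FAIL KbdInteractiveAuthentication=$ki"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only logins"
    return "$rc"
}

# Constructed sample: keys work, but the line that would switch passwords
# off is still commented out, so the default (yes) applies.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample sshd_config' 'Port 22' \
        'PubkeyAuthentication yes' '#PasswordAuthentication no' \
        'UsePAM yes' > "$tmp"
    audit_sshd "$tmp" || true
    rm -f "$tmp"
}
demo
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, which also covers Include files; Match rules are only applied there when connection parameters are given with `-C`.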
Maybe you should read this article from PhysOrg:
Researcher Jeremi Gosney, the founder and CEO of Stricture Consulting Group, was the thinker behind the hardware and software setup that could make 350 billion guesses per second. The result was that eight-character passwords could fall in hours; some passwords could be had in minutes.