[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Update to BCP-38?

Subject: Update to BCP-38?
From: valdis.kletnieks at vt.edu (Valdis Klētnieks)
Date: Tue, 08 Oct 2019 15:17:59 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

On Tue, 08 Oct 2019 11:53:33 -0600, "Keith Medcalf" said:

> So while the cost of doing the thing may be near-zero, it is not zero.

And in fact, there's more than just the costs of doing it. There's also the costs
of having done it.

Obfuscating your OpenSSH versions is a *really* good way to make your security
scanners that flag backleveled systems fail to flag the systems.

Which can cause a really uncomfortable conversation with the CIO about why the
local newspaper's front page is running a story about how your organization got
totally pwned via a backleveled OpenSSH on one cluster of 5 servers.....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191008/3685c740/attachment.sig>

References:
- Update to BCP-38?
  - From: kmedcalf at dessus.com (Keith Medcalf)

Prev by Date: IPv6 Pain Experiment
Next by Date: IPv6 Pain Experiment
Previous by thread: Update to BCP-38?
Next by thread: Update to BCP-38?
Index(es):
- Date
- Thread