Comment by ErroneousBosh
9 days ago
> If you have a well-secured LAN where trust is social, SSH gets you nothing. SMTP, telnet, http being plain were from days when users were able to actually reason about what was happening within their OS.
I've had this conversation recently with a "Cyber Architect" who was losing his shit over SNMPv1 on our network passing community strings as plaintext.
Yes. If you sniff the traffic you can see the read-only password, which is left as default, and from that you can deduce that the ODU temperature for the microwave link is 32°C at the moment (pretty toasty for 3° outside air temperature). Big Fucking Whoop.
Concentrate on not having "bad actors" sniffing traffic on our network.
If the burglar is in your kitchen eating your sandwich out of the fridge, the problem is that the burglar is in your kitchen, not that he's eating your sandwich.
Same feeling I get when I see people freaking out about security flaws in smart locks.
A burglar isn't going to hack your lock. He's going to smash your door or window and steal whatever he can get his hands on.
I believe there's an XKCD about that.