Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Remote login from Finder' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Remote login from Finder
Authored by: phidauex on Oct 25, '02 04:23:55PM

The concern isn't the files getting stolen, its the username and password. If I send my password and username around in clear text, someone needs only to sniff those packets, and break into the machine. They don't care about the file I transferred, they care about the password. Once they have a login name and password, they can do quite a bit of nasty stuff. And don't think that just because no one knows your IP address that you are safe, port scanners sit around scanning entire subnets, just hunting for computers to potentially exploit.

As an example of how quickly people start intrusion attempts, check out http://www.honeynet.org They set up 'honey nets' which are computers connected to the internet, with only a default installation, no special programs or software. A network of computers on the same subnet are highly secured, and run sophisticated logging programs that log every packet going in and out of this 'stock' machine. Since the machine has no purpose, no packets will go in and out, until someone tries to break into it, at which point they log the packets, trying to backtrace what the hacker is doing, to learn what exploits they are using, and how to prevent them from doing it in the future. They don't do anything at all to 'attract' hackers to the computer, they simply install the OS, and plug it into the internet. They get hack attempts usually within the first couple of days. If you have a computer with a static IP, there is a very good chance that someone has attempted to hack into it. OS X is moderately secure in its default installation, and not a lot of specialized exploits are known, but that doesn't mean that you are safe. Its worth it to expend a little extra effort to secure your transmission of passwords. No computer is secure once they have access to a user account.

Also, don't think that just because you don't have any valuable info that you are safe. Usually hackers won't hack big jobs from their own computer, they will break into several other computers, preferably ignorant home computer owners, and then remotely use those computers to do the hacking, great way to hide your tracks. They also like to use random little home computers to run IRC servers, serve warez to each other, things like that. Your computer might not have anything valuable on it, but those 40gigs of free space and your high speed DSL would be great for transferring huge warez between their buddies without using up their bandwidth :)

Anyway, not to be a doomsayer or anything, just pointing out that security is a pretty handy thing to keep in mind, regardless of how invisible you think you are.

Oh, and if you have SSH installed on your mac (which, unless you did something to it, you do), you also should have sftp, which works just like ftp, but is secure! I use that all day long on between my computers. And clients like Transmit 2.0 support the SFTP protocol too. Sweet, huh?

Peace,
sam



[ Reply to This | # ]