| Deutsch English Français Italiano |
|
<vnbal6$1v92g$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Chris Elvidge <chris@internal.net> Newsgroups: comp.sys.raspberry-pi Subject: Re: Headless Pi 4B problems - continued Date: Tue, 28 Jan 2025 19:20:06 +0000 Organization: A noiseless patient Spider Lines: 34 Message-ID: <vnbal6$1v92g$1@dont-email.me> References: <j5gh6l-upd2.ln1@q957.zbmc.eu> <vn5qfh$3v2v6$1@dont-email.me> <tvai6l-5kh2.ln1@q957.zbmc.eu> <slrnvpi8iq.5d7.news-1513678000@a-tuin.ms.intern> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Tue, 28 Jan 2025 20:20:07 +0100 (CET) Injection-Info: dont-email.me; posting-host="4493bb31f5bd643777bad50d80ef39bd"; logging-data="2073680"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/laFdo3y/gs4ZpPSU5eliYh+d2zJqFwDM=" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 Lightning/5.4 Cancel-Lock: sha1:Kn9Tvum6dHteAgq1mThIlEO81LE= In-Reply-To: <slrnvpi8iq.5d7.news-1513678000@a-tuin.ms.intern> Content-Language: en-GB Bytes: 2516 On 28/01/2025 at 18:30, Michael Schwingen wrote: > On 2025-01-26, Chris Green <cl@isbd.net> wrote: >> >> Is there **really** such a big security issue with default login names >> and passwords on Raspberry Pis? Surely almost all of them are going >> to be on home networks behind NAT routers and also surely no one is >> going to (without thinking about it a bit!) put confidential data on >> one. Anyone installing any system which is going to be directly out >> on the internet should be very aware of the risks and will do what's >> required. > > Probably not. People installing special-purpose distributions (media > player, dns filtering, hoem automazion etc.) may not even be aware that they > need to change the SSH password when they only interact with some web > frontend. > > Also, it is not just the data on the device that is at risk. There is also > the risk that such an exposed machine will be used as part of a botnet to > attack other machines. > > A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small > percentage of these use the default password, that is way too much. > > cu > Michael > But ssh is not enabled by default in Raspbian. -- Chris Elvidge, England UNDERWEAR SHOULD BE WORN ON THE INSIDE