March 10th, 2014
Difference Engine: The end of trust
"A dirty little secret of enterprise computing is that practically every server in an organisation has a backdoor offering full “root” access to the machine—ie, permission to do anything…. A dirty bigger secret is that the “secure-shell” (SSH)—a cryptographic security protocol used by administrators to send commands to machines on the network—is rarely as secure as imagined. As SSH is an encrypted communications channel that bypasses all security measures on a computer, even administrators need a digital key to authenticate their use of it. But because SSH commands are used daily, the keys are often left lying around with little security to keep them out of the wrong hands."