Sujet : Re: Headless Pi 4B problems - continued
De : news-1513678000 (at) *nospam* discworld.dascon.de (Michael Schwingen)
Groupes : comp.sys.raspberry-piDate : 28. Jan 2025, 19:30:50
Autres entêtes
Message-ID : <slrnvpi8iq.5d7.news-1513678000@a-tuin.ms.intern>
References : 1 2 3
User-Agent : slrn/1.0.3 (Linux)
On 2025-01-26, Chris Green <
cl@isbd.net> wrote:
>
Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.
Probably not. People installing special-purpose distributions (media
player, dns filtering, hoem automazion etc.) may not even be aware that they
need to change the SSH password when they only interact with some web
frontend.
Also, it is not just the data on the device that is at risk. There is also
the risk that such an exposed machine will be used as part of a botnet to
attack other machines.
A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small
percentage of these use the default password, that is way too much.
cu
Michael
-- Some people have no respect of age unless it is bottled.
Headless Pi 4B problems - continued
Re: Headless Pi 4B problems - continued
