Sujet : Re: Headless Pi 4B problems - continued
De : chris (at) *nospam* internal.net (Chris Elvidge)
Groupes : comp.sys.raspberry-piDate : 28. Jan 2025, 20:20:06
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vnbal6$1v92g$1@dont-email.me>
References : 1 2 3 4
User-Agent : Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 Lightning/5.4
On 28/01/2025 at 18:30, Michael Schwingen wrote:
On 2025-01-26, Chris Green <cl@isbd.net> wrote:
>
Is there **really** such a big security issue with default login names
and passwords on Raspberry Pis? Surely almost all of them are going
to be on home networks behind NAT routers and also surely no one is
going to (without thinking about it a bit!) put confidential data on
one. Anyone installing any system which is going to be directly out
on the internet should be very aware of the risks and will do what's
required.
Probably not. People installing special-purpose distributions (media
player, dns filtering, hoem automazion etc.) may not even be aware that they
need to change the SSH password when they only interact with some web
frontend.
Also, it is not just the data on the device that is at risk. There is also
the risk that such an exposed machine will be used as part of a botnet to
attack other machines.
A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small
percentage of these use the default password, that is way too much.
cu
Michael
But ssh is not enabled by default in Raspbian.
-- Chris Elvidge, EnglandUNDERWEAR SHOULD BE WORN ON THE INSIDE
Headless Pi 4B problems - continued
Re: Headless Pi 4B problems - continued
