From: chris@internal.net   
      
   On 28/01/2025 at 18:30, Michael Schwingen wrote:   
   > On 2025-01-26, Chris Green  wrote:   
   >>   
   >> Is there **really** such a big security issue with default login names   
   >> and passwords on Raspberry Pis?  Surely almost all of them are going   
   >> to be on home networks behind NAT routers and also surely no one is   
   >> going to (without thinking about it a bit!) put confidential data on   
   >> one.  Anyone installing any system which is going to be directly out   
   >> on the internet should be very aware of the risks and will do what's   
   >> required.   
   >   
   > Probably not.  People installing special-purpose distributions (media   
   > player, dns filtering, hoem automazion etc.) may not even be aware that they   
   > need to change the SSH password when they only interact with some web   
   > frontend.   
   >   
   > Also, it is not just the data on the device that is at risk. There is also   
   > the risk that such an exposed machine will be used as part of a botnet to   
   > attack other machines.   
   >   
   > A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small   
   > percentage of these use the default password, that is way too much.   
   >   
   > cu   
   > Michael   
   >   
      
   But ssh is not enabled by default in Raspbian.   
      
      
   --   
   Chris Elvidge, England   
   UNDERWEAR SHOULD BE WORN ON THE INSIDE   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)