Subj : Re: Headless Pi 4B problems - continued To : Michael Schwingen From : Chris Elvidge Date : Tue Jan 28 2025 19:20:06 On 28/01/2025 at 18:30, Michael Schwingen wrote: > On 2025-01-26, Chris Green wrote: >> >> Is there **really** such a big security issue with default login names >> and passwords on Raspberry Pis? Surely almost all of them are going >> to be on home networks behind NAT routers and also surely no one is >> going to (without thinking about it a bit!) put confidential data on >> one. Anyone installing any system which is going to be directly out >> on the internet should be very aware of the risks and will do what's >> required. > > Probably not. People installing special-purpose distributions (media > player, dns filtering, hoem automazion etc.) may not even be aware that they > need to change the SSH password when they only interact with some web > frontend. > > Also, it is not just the data on the device that is at risk. There is also > the risk that such an exposed machine will be used as part of a botnet to > attack other machines. > > A quick check on shodan shows 86362 hits for "ssh raspbian". If only a small > percentage of these use the default password, that is way too much. > > cu > Michael > But ssh is not enabled by default in Raspbian. -- Chris Elvidge, England UNDERWEAR SHOULD BE WORN ON THE INSIDE --- SoupGate-Win32 v1.05 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3) .