Re: telnetd vulnerability from BUGTRAQ
On Tue, 28 Sep 2004 at 03:23:15AM -0400, Daniel Pittman wrote:
> Fast I would concede, and easy is a matter of taste, mostly.
>
> I don't know what you imagine is "encrypted" in FTP, though, since that
> is not part of the specification or the standard implementations.
>
> Unless you run an SSL-enhanced or Kerberos FTP client and server, within
> the same realm, there is no encryption involved in FTP.
I would put forth SSH is no more secure than FTP is when one is dealing
with an unknown host. SSH is dependant on a know_host. If information
about a host is not known (public/server key) then SSH is every bit as
easy to eaves drop as FTP. There are many tools that will easily
attempt a man-in-the-middle SSH attack.
--
Phillip Hofmeister
Reply to: