Re: telnetd vulnerability from BUGTRAQ

To: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: "s. keeling" <keeling@spots.ab.ca>
Date: Sun, 26 Sep 2004 18:58:37 -0600
Message-id: <[🔎] 20040927005837.GE24687@infidel.spots.ab.ca>
In-reply-to: <[🔎] 20040926183350.GL22041@linuxmafia.com>
References: <[🔎] 20040924222453.GE28963@vnl.com> <[🔎] 20040924222812.GA3358@hezmatt.org> <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409260443210.12432@bobek.sh.cvut.cz> <[🔎] 20040926183350.GL22041@linuxmafia.com>

Incoming from Rick Moen:
> Quoting Milan Jurik (M.Jurik@sh.cvut.cz):
> 
> > The question isn't if stop using telnet. The question is why Debian's
> > telnetd is still vunerable.
> 
> I'd apologise for the off-topic digression -- if I thought I'd given
> offence.  ;->

No-one should have to apologise for warning against bad security
practices.  $DEITY knows the Windows crowd doesn't care about it, but
we're better than that, right?  One unpatched Microsh*t box in your
LAN, and one nitwit using IE, and your whole network is owned.  It
would be irresponsible not to warn others about it.

If/when they get in, they can also get a sniffer in.  If you're
running telnet, you're fooling yourself.  If you're using ssh
ubiquitously, that's yet another vector closed to them.

I don't have a lot of patience for those who think, "Yes, we know the
risks, but we'd rather not change."  Evolution in action, indeed.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
- -

Reply to:

Follow-Ups:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Milan Jurik <jurikm@bobek.sh.cvut.cz>
- Re: telnetd vulnerability from BUGTRAQ
  - From: David Stanaway <david@stanaway.net>

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Milan Jurik <M.Jurik@sh.cvut.cz>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: Debian Hardened project status.
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread