Re: telnetd vulnerability from BUGTRAQ
Incoming from Rick Moen:
> Quoting Milan Jurik (M.Jurik@sh.cvut.cz):
>
> > The question isn't if stop using telnet. The question is why Debian's
> > telnetd is still vunerable.
>
> I'd apologise for the off-topic digression -- if I thought I'd given
> offence. ;->
No-one should have to apologise for warning against bad security
practices. $DEITY knows the Windows crowd doesn't care about it, but
we're better than that, right? One unpatched Microsh*t box in your
LAN, and one nitwit using IE, and your whole network is owned. It
would be irresponsible not to warn others about it.
If/when they get in, they can also get a sniffer in. If you're
running telnet, you're fooling yourself. If you're using ssh
ubiquitously, that's yet another vector closed to them.
I don't have a lot of patience for those who think, "Yes, we know the
risks, but we'd rather not change." Evolution in action, indeed.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
Reply to: