Re: telnetd vulnerability from BUGTRAQ

To: "s. keeling" <keeling@spots.ab.ca>
Cc: debian-security@lists.debian.org
Subject: Re: telnetd vulnerability from BUGTRAQ
From: David Stanaway <david@stanaway.net>
Date: Tue, 28 Sep 2004 10:31:37 -0500
Message-id: <[🔎] 1096385498.28718.17.camel@david.dialmex.net>
In-reply-to: <[🔎] 20040927005837.GE24687@infidel.spots.ab.ca>
References: <[🔎] 20040924222453.GE28963@vnl.com> <[🔎] 20040924222812.GA3358@hezmatt.org> <[🔎] 20040924223514.GF28963@vnl.com> <[🔎] 1096078639.10826.11.camel@pitc> <[🔎] Pine.LNX.4.58.0409242337150.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925083859.GH22041@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409251409300.22304@hygvzn-guhyr.pnirva.bet> <[🔎] 20040925211946.GV32311@linuxmafia.com> <[🔎] Pine.LNX.4.58.0409260443210.12432@bobek.sh.cvut.cz> <[🔎] 20040926183350.GL22041@linuxmafia.com> <[🔎] 20040927005837.GE24687@infidel.spots.ab.ca>

On Sun, 2004-09-26 at 18:58 -0600, s. keeling wrote:
> No-one should have to apologise for warning against bad security
> practices.  $DEITY knows the Windows crowd doesn't care about it, but
> we're better than that, right?  One unpatched Microsh*t box in your
> LAN, and one nitwit using IE, and your whole network is owned.  It
> would be irresponsible not to warn others about it.
> 
> If/when they get in, they can also get a sniffer in.  If you're
> running telnet, you're fooling yourself.  If you're using ssh
> ubiquitously, that's yet another vector closed to them.
> 
> I don't have a lot of patience for those who think, "Yes, we know the
> risks, but we'd rather not change."  Evolution in action, indeed.

This kind of attitude is not very productive. Some people still need
telnet. So it should be patched, otherwise it should be removed from the
archive. End of discussion.

-- 
David Stanaway <david@stanaway.net>

Reply to:

References:
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Dale Amon <amon@vnl.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Peter McAlpine <peter@aoeu.ca>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Richard A Nelson <cowboy@debian.org>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Milan Jurik <M.Jurik@sh.cvut.cz>
- Re: telnetd vulnerability from BUGTRAQ
  - From: Rick Moen <rick@linuxmafia.com>
- Re: telnetd vulnerability from BUGTRAQ
  - From: "s. keeling" <keeling@spots.ab.ca>

Prev by Date: Re: BAHAHA was (telnetd vulnerability from BUGTRAQ)
Next by Date: Re: telnetd vulnerability from BUGTRAQ
Previous by thread: Re: telnetd vulnerability from BUGTRAQ
Next by thread: Re: telnetd vulnerability from BUGTRAQ
Index(es):
- Date
- Thread