Re: telnet break-in

To: Ossama Othman <othman@astrosun.tn.cornell.edu>
Cc: " Raymond A. Ingles" <inglesra@frc.com>, Debian User List <debian-user@lists.debian.org>
Subject: Re: telnet break-in
From: George Bonser <grep@shorelink.com>
Date: Tue, 25 Aug 1998 11:05:26 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.980825110245.19709A-100000@calvin.shorelink.com>
Reply-to: grep@oriole.sbay.org
In-reply-to: <[🔎] Pine.GSO.4.02.9808251134370.1074-100000@breezy.tn.cornell.edu>

On Tue, 25 Aug 1998, Ossama Othman wrote:

> Bummer!  It appears that it is time for you disable all of those incoming
> services we mentioned.  Have you considered using Secure Shell?  If you
> can't use Secure Shell, you might want to try One-Time Password packages,
> such as OPIE.  I believe that even WU-FTP is starting to support one time
> passwords, too.
> 
> -Ossama

Uhm, secure shell is not the answer to all problems. It WILL revert to an
unsecure protocol if the other end can not establish an encrypted session.
Also, it is still just as easy to log in with a cracked password. About
the only thing it is really great at is making sure that the other machine
really has permission for a password-less login. Still, even THIS can be
hacked if someone has gotten onto the machine in the past and snarfed a
copy of your public ssh key.

George Bonser

The Linux "We're never going out of business" sale at an FTP site near you!

Reply to:

Follow-Ups:
- Re: telnet break-in
  - From: Ossama Othman <othman@astrosun.tn.cornell.edu>

References:
- Re: telnet break-in
  - From: Ossama Othman <othman@astrosun.tn.cornell.edu>

Prev by Date: Re: pine installation
Next by Date: Re: proper permissions & group for /dev/audio
Previous by thread: Re: telnet break-in
Next by thread: Re: telnet break-in
Index(es):
- Date
- Thread