Re: telnet break-in

To: matthew@sel.cam.ac.uk
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: telnet break-in
From: Ossama Othman <othman@astrosun.tn.cornell.edu>
Date: Wed, 26 Aug 1998 10:35:12 -0400 (EDT)
Message-id: <[🔎] Pine.GSO.4.02.9808261032240.4815-100000@breezy.tn.cornell.edu>
Reply-to: Ossama Othman <othman@astrosun.tn.cornell.edu>
In-reply-to: <[🔎] Pine.SOL.3.96.980826081756.2938A-100000@ursa.cus.cam.ac.uk>

> > > Hence the One-Time Password suggestion.  Either way, better to have/use
> > > SSH than use telnet/ftp/r{login,sh,exec}.
> > 
> > I have both SSL-Telnet and SSH installed. I don't type root passwords over
> > clear connections unless it is an emergency.
> 
> Hmm - why is it that emergencies always happen when I'm away from
> Cambridge? ;(

Well, one Debian user seems to have had a break-in.  However, the break-in
wasn't due to any Debian security hole.  The break-in was due to
standard/known UN*X security holes.  For example, allowing incoming
telnets is one (typing clear text passwords over the net).

-Ossama

Reply to:

Follow-Ups:
- Re: telnet break-in
  - From: "Stephen J. Carpenter" <sjc@delphi.com>

References:
- Re: telnet break-in
  - From: "M.C. Vernon" <mcv21@cus.cam.ac.uk>

Prev by Date: Re: Copy entire filesystem
Next by Date: Re: PPP as normal user
Previous by thread: Re: telnet break-in
Next by thread: Re: telnet break-in
Index(es):
- Date
- Thread