What difference does complex passwords make if the password is sent in the
clear. It would be trivial for a cracker to sniff the traffic and grab a
password, then use the account to create havoc.
Box 340, The Valley, Anguilla, British West Indies
Tel: 264 497 5670 Fax: 264 497 8463
USA Fax (561) 382-7771
Take a virtual tour of the island
http://net.ai/ The Anguilla Guide
Find out more about NetConcepts
From: Marc Haber [mailto:email@example.com]
Sent: Sunday, April 30, 2000 5:30 AM
Subject: Re: hacked?
On Thu, 27 Apr 2000 09:02:05 -0400 (EDT), you wrote:
>On the other hand, I do not feel as strongly as other posters that telnet
>needs to be disabled in order to have a secure machine. Strong passwords
>will work just as well. I have an account on a large Solaris network
>where telnet has been open for ages, and will continue to be. The passwd
>program in *incredibly* anal about ensuring that all passwords are
>complex. To my knowledge there has never been a significant security
>breach on this network.
You have been lucky. Even secure passwords can be sniffed, and telnet
sessions already established can be hijacked. That way, the attacker
doesn't even have to wait for your password to fly around.
-------------------------------------- !! No courtesy copies, please
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Unsubscribe? mail -s unsubscribe firstname.lastname@example.org <
- Re: hacked?
- From: email@example.com (Marc Haber)