Re: How to contact administrator?
I don't have a real problem with the plain text password issue. I know this is
crappy security. But here's the real problem. This is a *huge* isp. One that
has a nationally branded name. (Which means I have to worry just as much
about who's inside their network as well, right? I probably shouldn't even
mention this as I'm sure this info can be used by someone motivated enough to
check my mail headers...) They are forcing me to use the same username/password
for ftp web page uploads as my user account!!!! I could care less if someone
compromises my "ftp web page upload" and turns my pitiful little site into some
manifesto for the cUltOFfreeQqinessOhyEah! But I do care if I have the FBI
knocking on my door telling me I hacked such and such site, see, here are the
logs, it's your account.
Thanks for all the advice though. I'm going to start shopping around and see
what else is available. In the mean time I've sent emails to every possible
combination of user@myisp.com that I think will get through to an
administrator. Who knows, maybe my email will give some administrator some
ammo to take to the next board meeting ;-)
Jesse
On Fri, 10 Nov 2000, nate@firetrail.com wrote:
> what does the ftp prompt say when you connect? sometimes that can give it
> away .. if your concerned about security then change isps. don't expect
> many isps to support secure file transfers though its not very common for
> end users to know how to do it so most don't support it.(I run an isp and
> i WISH i could close off ftp). keep in mind other plaintext protocols such
> as POP3 and IMAP4 if your using email with either of these your password
> is just as easily sniffed as it is using ftp.(I offer IMAP4 over SSL to
> customers but i dont think anyone uses it except me)
>
> if security is *that* important i suggest you change isps, or better yet
> co-locate a machine somewhere ..or get a good dsl line, or if you cant get
> dsl move to where you can :)
>
> before i get on an isp i always drill their support and administrative
> staff on technical issues before i even consider using them. ones that
> don't measure up don't get my business and yes i will pay 2-3x+ more for a
> isp that is good then dirt cheap or free for one that is bad (should note
> that i used to work for freeinternet.com ...*cough* )
>
>
> nate
>
> On Fri, 10 Nov 2000, Jesse Goerz wrote:
>
> jgoerz >I'm trying to contact the sys-admin for my ISP because I don't like the
> jgoerz >security they use for uploading personal web pages. (They use plain text ftp,
> jgoerz >which is bad enough, but no, they have to do one better, they don't allow you
> jgoerz >to even change your username/password so anyone on the network can sniff it and
> jgoerz >have complete access to your account!) Anyway, I know they run some type of
> jgoerz >unix and I need to know how to finger or whatever to find out who is running
> jgoerz >the system. I hoping that they aren't aware of this and that if I point it out
> jgoerz >a solution will soon follow.
> jgoerz >
> jgoerz >Any suggestions, man ?, url source?.
> jgoerz >
> jgoerz >Jesse
> jgoerz >
> jgoerz >
> jgoerz >
> jgoerz > --
> jgoerz >Got freedom?
> jgoerz >http://www.debian.org
> jgoerz >Got freedom and simplicity?
> jgoerz >http://www.redmondlinux.org
> jgoerz >
> jgoerz >
> jgoerz >--
> jgoerz >Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> jgoerz >
>
> :::
> http://www.aphroland.org/
> http://www.linuxpowered.net/
> aphro@aphroland.org
> 7:44pm up 56 days, 5:02, 2 users, load average: 0.00, 0.02, 0.03
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
--
Got freedom?
http://www.debian.org
Got freedom and simplicity?
http://www.redmondlinux.org
Reply to: