This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Thu, 11 Jan 2001 11:35:17 -0800 (PST)
From: Greg Retkowski <greg@rage.net>
To: Vince Duperron <duperron@charter.net>
Subject: Re: [svlug] /etc/issue and friends

On Wed, 10 Jan 2001, Vince Duperron wrote:

> Perhaps you can be more specific about why telnet (port 23) is such a
> risk. The only thing that comes to my mind is passwords passed in
> plain text. Because I only connect via telnet about 12 times per year
> I think my exposure is minimal. The last thing I want to do with a
> holiday is spend it installing ssh on boxes that are not even mine.
> Many places will not even let you "help" them in this fashion
> (internet kiosks and the like in public places like airports and
> libraries).

You can configure telnetd to use one-time passwords for non-local (i.e. from the public internet) telnet sessions. Best solution when you don't have an ssh client and need remote access.

See my message in the 'Worth the effort' thread. ISPs go for *weeks/months* before they realize they are compromised. I've worked at lots of dot.con retailers in the bay area and security rates somewhere behind blinking tradeshow trinkets in their list of priorities (observe the recent rash of credit-card thefts of egghead and others). If they aren't concerned with security and they deal with people's money, just think how concerned people running ISPs or internet kiosks are.

I won't go so far as to say there's a 50% chance that a network you go through is compromised, but I will say there's a 50% chance a network you go through is compromisable. Crackers have and will run sniffers for weeks on end; take the chance enough times and eventually someone will capture your password and cause you headaches.

===
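The one-time-password idea mentioned in the reply, as an added example that is not part of the original message: a Lamport-style hash chain (the scheme S/Key-type systems build on) in which a value captured by a sniffer is rejected when replayed. The class and function names, the use of SHA-256, and the sample seed and passphrase are assumptions; the message does not say which OTP system telnetd would be configured with.

```python
import hashlib
import hmac


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply SHA-256 n times to seed||secret (hash choice is an assumption)."""
    value = seed + secret
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpServer:
    """Holds only the last accepted chain value, never the secret itself."""

    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # Tell the client which chain position to send next.
        return self.seed, self.count - 1

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False  # chain exhausted; the user must re-initialise
        # Hashing a valid response once more must give the stored value.
        digest = hashlib.sha256(response).digest()
        if not hmac.compare_digest(digest, self.stored):
            return False
        self.stored = response  # the next login needs the preimage of this
        self.count -= 1
        return True


def demo():
    # Constructed sample values, not taken from the message.
    secret, seed = b"constructed passphrase", b"kiosk01"
    server = OtpServer(seed, 100, chain(secret, seed, 100))
    _, n = server.challenge()
    sniffed = chain(secret, seed, n)   # what a sniffer on the wire sees
    first = server.verify(sniffed)     # legitimate login succeeds
    replay = server.verify(sniffed)    # replay of the captured value fails
    _, n2 = server.challenge()
    second = server.verify(chain(secret, seed, n2))  # next legitimate login
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

The server never stores the passphrase, and each accepted value only reveals a hash the server already held, so a capture on a compromised network gives nothing reusable.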