What difference do complex passwords make if the password is sent in the clear? It would be trivial for a cracker to sniff the traffic and grab a password, then use the account to create havoc.

Chris Mason
Box 340, The Valley, Anguilla, British West Indies
Tel: 264 497 5670 Fax: 264 497 8463
USA Fax (561) 382-7771
Take a virtual tour of the island http://net.ai/ The Anguilla Guide
Find out more about NetConcepts www.netconcepts.ai

-----Original Message-----
From: Marc Haber [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 30, 2000 5:30 AM
To: debian-user@lists.debian.org
Subject: Re: hacked?

On Thu, 27 Apr 2000 09:02:05 -0400 (EDT), you wrote:
>On the other hand, I do not feel as strongly as other posters that telnet
>needs to be disabled in order to have a secure machine. Strong passwords
>will work just as well. I have an account on a large Solaris network
>where telnet has been open for ages, and will continue to be. The passwd
>program is *incredibly* anal about ensuring that all passwords are
>complex. To my knowledge there has never been a significant security
>breach on this network.

You have been lucky. Even secure passwords can be sniffed, and telnet
sessions already established can be hijacked. That way, the attacker
doesn't even have to wait for your password to fly around.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29