Re: in.telnetd vulnerability??

From: Ryan Russell (ryan@securityfocus.com)
Date: 08/04/01


Date: Fri, 3 Aug 2001 16:18:34 -0600 (MDT)
From: Ryan Russell <ryan@securityfocus.com>
To: adam morley <adam@gmi.com>
Subject: Re: in.telnetd vulnerability??
Message-ID: <Pine.GSO.4.30.0108031617230.1584-100000@mail>

On Fri, 3 Aug 2001, adam morley wrote:

> as an admin, i dont think i would like to hide the fact that a session
> has become insecure from the user. just too worried some other admin
> would pop in and type in a root password and let it fly across the
> internet in plaintext.

You wouldn't be. People with a clue type ssh instead of telnet, and it
behaves like it should. What you would be doing is hiding the fact that
it is now sometimes secure from people who assume it is always insecure.
Dunno, it might breed bad habits. Shrug.

                                        Ryan