Re: Did I give up on telnet too easily?
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 09/22/03
- Next message: Nico Kadel-Garcia: "Re: Did I give up on telnet too easily?"
- Previous message: Bit Twister: "Re: Watch this patch from the M$ Corporation"
- In reply to: Jem Berkes: "Re: Did I give up on telnet too easily?"
- Next in thread: Tim Haynes: "Re: Did I give up on telnet too easily?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Sep 2003 01:57:19 GMT
Jem Berkes wrote:
>>Is this done commonly by crackers? *OF COURSE* it is, because it's
>>very difficult to detect but easy to do and they can reap a *lot* of
>>passwords from people who are careless.
>
>
> Why go to all this trouble and harvest a bunch of users passwords, when you
> can run a well established exploit and instantly root pretty much any
> university, small web site or clueless company using an ancient but
> unpatched BIND, wu-ftp, sendmail, or (my favourite) RPC install?
>
> Passwords are a dime a dozen.
Because they *are* a dime a dozen with unencrypted services like telnet
for all servers, ftp for non-anonymous users too dumb to use a different
password, and HTTP servers too dumb to use SSL, especially compared to
writing and leaving yourselves more traceable by running remote
exploits. In almost all cases, it's Just Safer(tm) to sniff them than
break into a remote machine that *may* be running a vulnerable version
but may *also* be running good log checkers to trace your little weasel
attack back the source machine.
- Next message: Nico Kadel-Garcia: "Re: Did I give up on telnet too easily?"
- Previous message: Bit Twister: "Re: Watch this patch from the M$ Corporation"
- In reply to: Jem Berkes: "Re: Did I give up on telnet too easily?"
- Next in thread: Tim Haynes: "Re: Did I give up on telnet too easily?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
