Re: can my password be sniffed in this situation ?
From: Eric Osman (ericosman-nospam@rcn.com)
Date: 02/14/03
- In reply to: DaveK: "Re: can my password be sniffed in this situation ?"
From: Eric Osman <ericosman-nospam@rcn.com> Date: Fri, 14 Feb 2003 12:05:00 -0500
The following sounds very easy to "arrange" by a hacker, see below.
> However, the sniffer would have to be running on one of the routers at
> your ISP, on the backbone router path from your ISP's network to the
> destination network, or at the destination itself to see your packets going
> past, and that's not something that's easy to arrange....
>
>
Wouldn't any malicious hacker that has signed up as an RCN cable
internet customer fall into the above category and hence be able to
sniff the username and password when another customer types
the following into their ADDRESS BAR of ie or netscape browser and
presses ENTER :
ftp://smith:123456@ftp.rcn.com
My whole purpose of starting this discussion is to make a case
for telling RCN that the following instruction from their FAQ is
actually a *** dangerous instruction *** that shouldn't be followed:
**** dangerous instructions ??? ****
If your space has not been created yet, simply type the following
line into the Address or Location line in your browser and hit
the Enter key. In this example, your user id is: smith and your
password is: 123456. You will replace these with your own user id
and password. ftp://smith:123456@ftp.rcn.com
Am I right ? Would the above instruction allow other RCN customers,
if malicious, to sniff passwords of other customers ?
Thanks for reading and considering.
/Eric
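
An added example, not part of the original post or of RCN's material: FTP as specified in RFC 959 sends its login as plain `USER` and `PASS` lines on the control connection, so this Python check scans instruction text for URLs that embed credentials and lists what would cross the network unencrypted. The function name `audit_text`, the scheme list and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Schemes whose login exchange crosses the network unencrypted (assumed list).
CLEARTEXT_SCHEMES = {"ftp", "http", "telnet"}
URL_RE = re.compile(r"\b[a-zA-Z][a-zA-Z0-9+.-]*://[^\s\"'<>]+")

# Constructed sample: the FAQ wording quoted in the post, plus one URL
# without credentials for contrast.
FAQ_SAMPLE = """In this example, your user id is: smith and your
password is: 123456. Type ftp://smith:123456@ftp.rcn.com and hit Enter.
Public files are at ftp://ftp.rcn.com/pub/ as well."""


def audit_text(text):
    """Return one finding per URL that embeds a password in its userinfo part."""
    findings = []
    for match in URL_RE.finditer(text):
        # Drop sentence punctuation that the regex swept up after the URL.
        parts = urlsplit(match.group(0).rstrip(".,;)"))
        if parts.password is None:
            continue  # no embedded credentials, nothing to report
        scheme = parts.scheme.lower()
        finding = {
            "url": parts.geturl(),
            "host": parts.hostname,
            "user": unquote(parts.username or ""),
            "cleartext": scheme in CLEARTEXT_SCHEMES,
            "wire": [],
        }
        if scheme == "ftp":
            # RFC 959 login: both commands travel unencrypted on the control
            # connection, readable by anything that can see the traffic.
            finding["wire"] = [
                "USER " + finding["user"],
                "PASS " + unquote(parts.password),
            ]
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_text(FAQ_SAMPLE):
        label = "CLEARTEXT" if f["cleartext"] else "encrypted transport"
        print(f"{f['url']} -> {f['host']} [{label}]")
        for line in f["wire"]:
            print("   on the wire:", line)
```
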