Re: telnet replacement - not ssh?

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 01/09/03

  • Next message: OIM: "Vacatures voor een Platform Expert CSIRT en een Expert NIDS" 
    From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 9 Jan 2003 19:45:14 GMT

    Daniel Hartmeier <daniel@benzedrine.cx> writes:

    ]On Thu, 09 Jan 2003 11:05:26 -0600, Kirt Loki Dankmyer wrote:

    ]> I can't do that. I have to be able to get through a firewall that they
    ]> control.

    ]I'd just continue using plain text passwords, then. If they don't trust
    ]their employees enough to not abuse network resources for porn, how can
    ]they rely on the same people not sniffing passwords and hijacking telnet
    ]sessions? Obey their policy and watch them get fucked. When they're all
    ]fired after one disgruntled employee fucked them hard because they used
    ]telnet, switch to ssh.

    Ssome people want to do a good job despite the roadblocks put in place
    by others in the organisation. That includes not getting fired ( and the
    sysadmins will not get fired because of the actions of an employee--
    from within there are far more effective ways of sabotaging the system
    than just sending passwords in plain over the net.)

    The management needs to get its act together. But in lieu of that the
    person needs to use some technique where he can at least protect his own
    passwords, etc. srp, skey are some of the options.

    • Quantcast