Date: Wed, 15 Aug 2001 14:44:53 +0930 From: Greg Lehey <grog@FreeBSD.org> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: Ryan Thompson <ryan@sasknow.com>, William Nunn <yorkie123@hotmail.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Remotely Exploitable telnetd bug Message-ID: <20010815144453.U49989@wantadilla.lemis.com> In-Reply-To: <000201c12547$807d8520$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Tue, Aug 14, 2001 at 10:02:37PM -0700 References: <20010814171150.S61413@wantadilla.lemis.com> <000201c12547$807d8520$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, 14 August 2001 at 22:02:37 -0700, Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: owner-freebsd-questions@FreeBSD.ORG >> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Greg Lehey >> >> The best alternative is: don't use telnet. Even with this fix, the >> protocol is inherently insecure. > > At the risk of starting a flame war, it's not the Telnet protocol that's > insecure, it's the entire TCP/IP protocol - if that is you define insecure as > sending passwords in cleartext. I don't understand this. TCP and IP don't have the concept of a password. > FTP, POP3 and many other commonly used TCP/IP protocols are > inherently insecure using this definition. Definitely. In fact, POP is quite a problem because I don't know of any well-known secure alternative. But those are the individual protocols, not TCP and IP. ssh runs over TCP and IP as well, but it's secure, at least by this definition. > But, a SSH client is worthless if it's run on a system that is full > of holes and has been compromised. This applies to all security systems, of course. > Simple solutions like "don't use Telnet" are nothing more than a > start, they are not the answer. Correct. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010815144453.U49989>