Date: Wed, 15 Aug 2001 22:02:47 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Andrew C. Hornback" <achornback@worldnet.att.net>, "Greg Lehey" <grog@FreeBSD.org> Cc: <freebsd-questions@FreeBSD.org> Subject: RE: Remotely Exploitable telnetd bug Message-ID: <000501c12610$b0c33580$1401a8c0@tedm.placo.com> In-Reply-To: <009101c125b8$450d6340$0e00000a@tomcat>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: Andrew C. Hornback [mailto:achornback@worldnet.att.net] >Sent: Wednesday, August 15, 2001 11:30 AM > Ted, et. al... > > I think what might be a "hang up" about this with someone >just sniffing >your POP3 and then trying to steal your mail is would be in situations >similar to some of the ISPs that I've used in this area. In those >instances, your login password for your dial-up connection and shell account >is the same as the password that you have to send to retrieve your e-mail. > Oh, yeah I forgot about that. (we use separate passwords for mail, shell, pop, web, etc.) Sheesh, you know the dumb thing about that is that the users just save the mail and dialin passwords in their MS-DUN and mail clients so it is no easier to use the same password. It's just piss-poor password control again. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000501c12610$b0c33580$1401a8c0>