From owner-freebsd-questions Wed Aug 15 22: 3:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15]) by hub.freebsd.org (Postfix) with ESMTP id CF4ED37B409; Wed, 15 Aug 2001 22:03:12 -0700 (PDT) (envelope-from tedm@toybox.placo.com) Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f7G52lb35642; Wed, 15 Aug 2001 22:02:47 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Andrew C. Hornback" , "Greg Lehey" Cc: Subject: RE: Remotely Exploitable telnetd bug Date: Wed, 15 Aug 2001 22:02:47 -0700 Message-ID: <000501c12610$b0c33580$1401a8c0@tedm.placo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <009101c125b8$450d6340$0e00000a@tomcat> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG >-----Original Message----- >From: Andrew C. Hornback [mailto:achornback@worldnet.att.net] >Sent: Wednesday, August 15, 2001 11:30 AM > Ted, et. al... > > I think what might be a "hang up" about this with someone >just sniffing >your POP3 and then trying to steal your mail is would be in situations >similar to some of the ISPs that I've used in this area. In those >instances, your login password for your dial-up connection and shell account >is the same as the password that you have to send to retrieve your e-mail. > Oh, yeah I forgot about that. (we use separate passwords for mail, shell, pop, web, etc.) Sheesh, you know the dumb thing about that is that the users just save the mail and dialin passwords in their MS-DUN and mail clients so it is no easier to use the same password. It's just piss-poor password control again. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message