From owner-freebsd-questions  Wed Aug 15 22: 3:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
	by hub.freebsd.org (Postfix) with ESMTP
	id CF4ED37B409; Wed, 15 Aug 2001 22:03:12 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
	by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f7G52lb35642;
	Wed, 15 Aug 2001 22:02:47 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Andrew C. Hornback" <achornback@worldnet.att.net>,
	"Greg Lehey" <grog@FreeBSD.org>
Cc: <freebsd-questions@FreeBSD.org>
Subject: RE: Remotely Exploitable telnetd bug
Date: Wed, 15 Aug 2001 22:02:47 -0700
Message-ID: <000501c12610$b0c33580$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <009101c125b8$450d6340$0e00000a@tomcat>
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

>-----Original Message-----
>From: Andrew C. Hornback [mailto:achornback@worldnet.att.net]
>Sent: Wednesday, August 15, 2001 11:30 AM
>	Ted, et. al...
>
>	I think what might be a "hang up" about this with someone
>just sniffing
>your POP3 and then trying to steal your mail is would be in situations
>similar to some of the ISPs that I've used in this area.  In those
>instances, your login password for your dial-up connection and shell account
>is the same as the password that you have to send to retrieve your e-mail.
>

Oh, yeah I forgot about that.  (we use separate passwords for mail, shell,
pop, web, etc.)  Sheesh, you know the dumb thing about that is that the users
just save the mail and dialin passwords in their MS-DUN and mail clients so it
is no easier to use the same password.  It's just piss-poor password control
again.


Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message