Date:      Tue, 7 May 2002 09:23:44 +0200
From:      Borja Marcos <borjam@sarenet.es>
To:        solarflux@ziplip.com
Cc:        security@freebsd.org
Subject:   Re: Telnet Exploit
Message-ID:  <200205070723.g477NjR3025099@borja.sarenet.es>
In-Reply-To: <GTP3YE3JSQGUYEIE2F0SOTH3D3KQNJKUJJYERK0S@ziplip.com>


On Tuesday 07 May 2002 01:22, you wrote:
> Are you for real?  Have you ever sniffed a connection between two machines

	Sure!

> using ssldump?  When looking at a telnet or ftp connection, it shows
> everything, clear as day.

	It is obvious that ssh has many benefits. It encrypts the connection, and 
you can use public keys to authenticate both parties. I am not silly.

> As long as OpenSSH exploits are fixed in a timely fashion, I consider sshd
> to be MUCH more secure than telnetd.  The zlib bug argument is pretty weak.

	I don't think it is weak. Software complexity is a serious danger. I would 
prefer a simpler ssh service without frills, subject to a design process with 
a strong focus on security. Do you think all the software used by OpenSSH (or 
other ssh implementations) has been thoroughly audited?

	Hey, I have used ssh for years, and I always authenticate with public keys. It is 
really useful, but I am worried about the current trends in software 
complexity and reuse. It can lead to security problems.



	Borja.

-- 
__________________________________________________________________
Borja Marcos                      * borjam@sarenet.es
Security Manager                  * Tel: +34 944209470
SARENET S.A. -                    * Fax: +34 944209465
Parque Tecnologico, 103           * PGP KeyID: 0x50B24B8C
48170 - Zamudio (Bizkaia) SPAIN   *
__________________________________________________________________
