From owner-freebsd-current  Sun Jun 25 23:12:34 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id XAA27056
          for current-outgoing; Sun, 25 Jun 1995 23:12:34 -0700
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA27005
          ; Sun, 25 Jun 1995 23:12:05 -0700
Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id IAA02748; Mon, 26 Jun 1995 08:10:34 +0200
Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id IAA11689; Mon, 26 Jun 1995 08:10:33 +0200
Message-Id: <199506260610.IAA11689@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol
To: ache@astral.msk.su
cc: Mark Murray <mark@grondar.za>, Poul-Henning Kamp <phk@freefall.cdrom.com>,
        csgr@freebsd.org, current@freebsd.org, gibbs@freefall.cdrom.com,
        jkh@freefall.cdrom.com, paul@freebsd.org, rgrimes@gndrsh.aac.dev.com,
        Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu>
Subject: Re: Crypt code summary(2). 
Date: Mon, 26 Jun 1995 08:10:32 +0200
From: Mark Murray <mark@grondar.za>
Sender: current-owner@freebsd.org
Precedence: bulk

> >You guys want to hear something frightening? Eric Young (the `eay' in
> >SSLeay) has a friend who will make SATAN look stupid. He has, and is
> >going to release code that will snoop passwords out of new telnet and
> >FTP sessions. The purpose is to force the use of this (or any
> >equivalent technology). _They_ would prefer this to be SSLeay.
> 
> It isn't surprise, such code exists long time, if you have
> root on any machine in the local ethernet f.e, you can
> set card to promisc. mode and grab all traffic that goes through
> your local net, including ftp/telnet passwords. In more
> intelligent way you can use BPF filtering for it as tcpdump
> does. Then small artifical intelligense to recognize
> passwords through incoming data...

Sure. The concept has been around for a while. The point here is now this
code is going to be unleashed, and every twit-not-programmer will have the
tools to snoop with his FreeBSD/NetBSD/Linux box. Just like Crack - very
few dictionary attacks actually happened until this one came around. Now
most wise fols are running some form of shadow password.

M

--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200