[aclug-L] Security Question: How safe is it?
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Jeremy Johnstone wrote:
>
> True, but don't both ends have to support it at a system level? Otherwise,
> if you only have it in your bin dir in your personal account you will have
> to login insecurely then start it up and then login securely. OR am I
> flawed somewhere?
>
Ah yes... The Chicken and egg thing.. Even if this was a new service,
the encoding of passwords would have to be well known in advance, so
even then the sending of the password would be risky, even if it was
encoded some how.
This is an interesting issue of security.. I wonder how many folks,
sitting at their home computer, would be routed traffic that contained
such information from their ISP?
Further, assuming somebody actually had a direct attachment to a segment
of the backbone, how much password information they could filter out of
the data stream... Consider that they would only be able to see
traffic on that specific segment and that you need three pieces of
information to log into a computer....
1. The IP address of the host (or the host name to look up the IP).
2. A valid user name,
3. The password for that user name.
Getting a socket connection requires quite a number of packets, which
would all have to be intercepted to be sure to get all the required
information to monitor the connection. Then you must be able to
interpret the service to sniff out a user name and password... How
easily can this be done? It does not sound very easy, and it is limited
to traffic on the local network segment to start with...
I don't mean to suggest that there is no danger, but that sending
passwords in the clear is not as risky as some would lead you to
believe. There is an element of security when you can "hide in the
crowd" of data flowing around. It's not totally effective, but is it
good enough?
-= bob =-
---
This is the Air Capitol Linux Users Group discussion list. If you
want to unsubscribe, send the word "unsubscribe" to
aclug-L-request@xxxxxxxxxxxx. If you want to post to the list, send your
message to aclug-L@xxxxxxxxxxxx.
- Re: [aclug-L] telnet, (continued)
- Re: [aclug-L] telnet, John Goerzen, 1998/09/24
- Re: [aclug-L] telnet, Bob Deep, 1998/09/25
- Re: [aclug-L] telnet, Jeremy Johnstone, 1998/09/26
- Re: [aclug-L] telnet, Jeremy Johnstone, 1998/09/26
- Re: [aclug-L] telnet, John Goerzen, 1998/09/27
- Re: [aclug-L] telnet, Jeremy Johnstone, 1998/09/29
- [aclug-L] Security Question: How safe is it?,
Bob Deep <=
- Re: [aclug-L] Security Question: How safe is it?, Jeremy Johnstone, 1998/09/29
- Re: [aclug-L] Security Question: How safe is it?, Jeremy Johnstone, 1998/09/29
- Re: [aclug-L] Security Question: How safe is it?, John Goerzen, 1998/09/29
- Re: [aclug-L] Security Question: How safe is it?, John Goerzen, 1998/09/29
- Re: [aclug-L] telnet, John Goerzen, 1998/09/29
Re: [aclug-L] telnet, John Goerzen, 1998/09/24
|
|
