[Ma-linux] Two Sun Announcements
Alan McConnell
alan at patriot.net
Tue Feb 13 15:32:49 EST 2007
On Tue, Feb 13, 2007 at 03:06:40PM -0500, Michael Stone wrote:
> On Tue, Feb 13, 2007 at 01:53:39PM -0500, Theodore Ruegsegger wrote:
> >Mike pointed out:
> >
> >>You are aware that ssh has had more vulnerabilities than telnet in
> >>the last few years, right?
> >
> >No, I wasn't, but it doesn't surprise me that a newer protocol, in
> >active use, will have more folks banging on it.
>
> More that it's a more complicated protocol and harder to get right. The
> funny thing about this solaris bug is that it was fixed years ago and
> reintroduced--that's just carelessness.
>
> >Telnet is inherently insecure, so no one would be looking for the
> >kinds of vulnerabilities they look for with ssh. Naturally, if the
> >daemon gives you privileges beyond what your account (or, in the case
> >of telnet, the account whose credentials you sniffed) should get,
> >that's a whole 'nother problem, regardless what protocol you're using.
> >
> >But please satisfy my curiosity: why would you use telnet today? Why
> >even enable it?
>
> Why not? Sorry, this thread just touched a nerve--I've heard more than I
> want over the last couple of days about how telnet is inherently
> problematic and ssh is the answer. WHY?
Am I wrong when I recall that the SMTP protocol, used by us all
every day, starts: telnet username at destination.machine 25 ?
Best wishes,
Alan
--
Alan McConnell : http://patriot.net/users/alan
There are many good Impeachment sites; one of the best is:
www.waifllc.org
More information about the Ma-linux
mailing list