|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ABOVE.NET SECURITY TRUTHS?
EXACTLY. You'd think Above.Net would realize this. And maybe not use the SAME password everywhere, and permit some 12 year old to put all of our livlihood at risk. This was so easily done with ONE sniffed password, I hope that everyone takes a second look at their own security procedures. Dont you? --- [email protected] wrote: > the whole issue you raise is password management, > long since addressed > in the UNIX world and supported by cisco routers: > Kerberos. > > On Fri, 28 Apr 2000, Exiled Dave wrote: > > > > > > > > > I guess by now everyone knows what happened. > > Paul, can you share some info > > > > with the rest of us about what the > vulnerability > > was so we can "plug the > > > > hole"? > > > > > > "Plug the hole" was a figure of speech. You > pretty > > much all know that if > > > MFN/Abovenet suspected a way in which other > > providers were vulnerable, we'd > > > have shared that information with you > (privately) by > > now. > > > -- > > > Paul Vixie <[email protected]> > > > SVP for Internet Services, MFNX > > > > HAHAHA the reason no other provider is vulnerable > is > > because no other > > provider with half a clue has the same simple > login > > and enable "p4ssw0rds" > > on all their switches, and internal machines in > their > > sjc facilities on > > hubs. What does one expect will happen when their > > switch passwords become > > public knowledge? The funny thing is the passwords > > were originally sniffed > > by MafiaBoy. > > > > There's no need to "privately" share a fix/hole in > > this case. > > The ENTIRE problem here, is above's total > inability to > > secure their own switches. > > And it SHOULD be public. People who control > literally > > MILLIONS OF DOLLARS of other people's data per > second > > NEED to learn, that CORE NETWORKS NEED TO BE > > PROTECTED. (i.e. CHANGING PASSWORDS, NOT > PERMITTING > > "COMMON PASSWORDS") > > I hope we ALL learn a lesson from this. > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online and get email alerts > with Yahoo! Messenger. > > http://im.yahoo.com/ > > > __________________________________________________ Do You Yahoo!? Talk to your friends online and get email alerts with Yahoo! Messenger. http://im.yahoo.com/
|