|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: 'we should all be uncomfortable with the extent to which luck..'
>> > How many of us here run anything less than SSH and even allow telnetd to >> > live on any of our hosts? >> >> Here? Probably not all that many. > >[bill's password slide from the Scottsdale NANOG] >suggests that many (most?) of the NANOG attendees are shipping passwords >around in the clear (not necessarily all telnet, but indicative of a >mindset). The system with that data on it is off right now, but my recollection was that the top three offenders were (in no particular order) - cleartext POP - cleartext IMAP - http:// (mostly people reading their email via Exchange). Note that the final slide that I put up at the end of the meeting (with something like 150 passwords on it) had one of my passwords too (my Vindigo password, if anyone wants to change what cities I have configured =), so even people who are aware of the issues sometimes still send cleartext passwords. Bill
|