North American Network Operators Group

Re: 'we should all be uncomfortable with the extent to which luck..'
>>> > How many of us here run anything less than SSH and even allow telnetd to
>>> > live on any of our hosts?

Hey, we have had to do without SSH in more than one CISCO IOS build in the last 6 months in 12.1 / 12.2. This always made me feel very nervous.

Regards
Marshall Eubanks

>>>
>>> Here? Probably not all that many.
>>
>>[bill's password slide from the Scottsdale NANOG]
>>suggests that many (most?) of the NANOG attendees are shipping passwords
>>around in the clear (not necessarily all telnet, but indicative of a
>>mindset).
>
>The system with that data on it is off right now, but my recollection was
>that the top three offenders were (in no particular order)
>
>- cleartext POP
>- cleartext IMAP
>- http:// (mostly people reading their email via Exchange).
>
>Note that the final slide that I put up at the end of the meeting (with
>something like 150 passwords on it) had one of my passwords too
>(my Vindigo password, if anyone wants to change what cities I have
>configured =), so even people who are aware of the issues sometimes
>still send cleartext passwords.
>
> Bill
>

Marshall Eubanks
[email protected]