North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 'we should all be uncomfortable with the extent to which luck..'

  • From: Marshall Eubanks
  • Date: Wed Jul 25 20:27:06 2001

>
>
>>> > How many of us here run anything less than SSH and even allow telnetd
to
>>> > live on any of our hosts?

Hey, we have had to do without SSH in more than one CISCO IOS build in the last
6 months in 12.1 / 12.2. 

This always made me feel very nervous.

Regards
Marshall Eubanks

>>> 
>>> Here? Probably not all that many. 
>>
>>[bill's password slide from the Scottsdale NANOG]
>>suggests that many (most?) of the NANOG attendees are shipping passwords
>>around in the clear (not necessarily all telnet, but indicative of a
>>mindset).
>
>The system with that data on it is off right now, but my recollection was
>that the top three offenders were (in no particular order)
>
>- cleartext POP
>- cleartext IMAP
>- http:// (mostly people reading their email via Exchange).
>
>Note that the final slide that I put up at the end of the meeting (with
>something like 150 passwords on it) had one of my passwords too
>(my Vindigo password, if anyone wants to change what cities I have
>configured =), so even people who are aware of the issues sometimes
>still send cleartext passwords.
>
>  Bill
>

Marshall Eubanks

[email protected]