You are not logged in. Login Now register |  search
 0-4          
 
Grex > Cyberpunk > #156: Security on grex
Author Message
pacman
Security on grex Mark Unseen   Nov 8 01:05 UTC 2001
I suppose this isnt much a surprise to most of us, but it helps my conscience
if I make sure we all know.  Unless you login to grex using SSH you are really
vulnerable.  A packetsniffer will easily view your password.  Speaking of SSH,
there is an exploit in it, check cert.org for details.  But seriously, use
a crap password and for the paranoid and intelligent, SSH.
4 responses total.
saw
response 1 of 4: Mark Unseen   Nov 15 05:42 UTC 2001
Correct.  Telnet does everything in cleartext (yikes!) which is
obviously not all that secure.  Telnet is VERY secure as long as no one
is sniffing packets .. but after that, you know the deal.  On the other
hand, SSH is more secure than Telnet.  There is a vulnerability in SSH1
where you can do a man-in-the-middle attack.  (I've done it on our
corporate LAN before, rather interesting.)  SSH2 isn't vulnerable to
this, AFAIk.  But, from what I've seen/heard, upgrading SSH on Grex
isn't as easy as one would expect.  Look in the "garage" conference at
one of the more recent items, which covers the implications of upgrading
Grex's SSH.
kold
response 2 of 4: Mark Unseen   Oct 21 00:01 UTC 2002
i know what SSH means, runs on port 22.
but what is a packetsniffer, could someone please give me more info on that.
thankyou
freddude
response 3 of 4: Mark Unseen   Dec 23 01:45 UTC 2002
i'm scared...
a3145
response 4 of 4: Mark Unseen   Sep 15 07:32 UTC 2004
hi kold
you  can  use the serch engin "www.google.com"
to  look for what is  packetsniffer.
just  do it !
have   a  nice  day
 0-4          
 Response Not Possible: You are Not Logged In
 

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss