No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help
View Responses

Grex Cyberpunk Item 156: Security on grex
Entered by pacman on Thu Nov 8 01:05:54 UTC 2001: 

I suppose this isnt much a surprise to most of us, but it helps my conscience
if I make sure we all know.  Unless you login to grex using SSH you are really
vulnerable.  A packetsniffer will easily view your password.  Speaking of SSH,
there is an exploit in it, check cert.org for details.  But seriously, use
a crap password and for the paranoid and intelligent, SSH.

4 responses total.


#1 of 4 by saw on Thu Nov 15 05:42:25 2001: 

Correct.  Telnet does everything in cleartext (yikes!) which is
obviously not all that secure.  Telnet is VERY secure as long as no one
is sniffing packets .. but after that, you know the deal.  On the other
hand, SSH is more secure than Telnet.  There is a vulnerability in SSH1
where you can do a man-in-the-middle attack.  (I've done it on our
corporate LAN before, rather interesting.)  SSH2 isn't vulnerable to
this, AFAIk.  But, from what I've seen/heard, upgrading SSH on Grex
isn't as easy as one would expect.  Look in the "garage" conference at
one of the more recent items, which covers the implications of upgrading
Grex's SSH.

#2 of 4 by kold on Mon Oct 21 00:01:39 2002: 

i know what SSH means, runs on port 22.
but what is a packetsniffer, could someone please give me more info on that.
thankyou

#3 of 4 by freddude on Mon Dec 23 01:45:14 2002: 

i'm scared...

#4 of 4 by a3145 on Wed Sep 15 07:32:39 2004: 

hi kold
you  can  use the serch engin "www.google.com"
to  look for what is  packetsniffer.
just  do it !
have   a  nice  day

Response not possible - You must register and login before posting.

No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss