Linux w/ SBC DSL

Monty J. Harder lists at kc.rr.com
Sun Jul 14 14:18:47 CDT 2002


"david nicol" <whatever at davidnicol.com> wrote:

> I had no trouble with it, and found roaringpenguin's auto-configuration
> method, in which the script enables promiscuous capture on your network
> cards and then gleans your log-in data from a SBC log-in done from a
> windows box, slightly disturbing. But simple.

  What should be disturbing about this is =not= that this method was =used=,
but that it =worked=.  IOW, SBC apparently runs the login in cleartext, so
that any cracker that can get a connection to your LAN can sniff out
everything needed to hijack your account and identity.  That's nearly as
disturbing as a lot of my customers at work, where Jane logs into the Unix
server as 'jane', with password 'jane', or people share logins so that
everyone at one remote site uses the same login -- there are new Federal
regulations set to take effect in a few months (Tony knows all about these;
his company has to deal with them too) that will probably make these sorts
of things illegal for our industry - might make NetTerminals illegal too, for
all I know, since they use Telnet instead of SSH.

  But reverse-engineering by monkey-see-monkey-do is a fine method to use.



