Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: zeugma
Telnet passes both username AND password in the clear. These days, this is just asking to get your users hacked.

How is that any worse than logging into a non-https: web site?

15 posted on 02/13/2007 5:18:18 PM PST by supercat (Sony delenda est.)
[ Post Reply | Private Reply | To 8 | View Replies ]

To: supercat
How is that any worse than logging into a non-https: web site?

Not much worse. Problem is, a telnet login is going to give you a shell prompt. Getting shell access is more than half the battle to any hacker, because there are so many programs out there that are vulnerable to local exploits. Sites that may be pretty proactive on processes that listen on sockets are often less proactive about many local programs. This is really not a good idea, as most hacking is done by insiders, but it is more common than you might think.

 

16 posted on 02/13/2007 7:17:42 PM PST by zeugma (MS Vista has detected your mouse has moved, Cancel or Allow?)
[ Post Reply | Private Reply | To 15 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson