Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: zeugma
Problem is, a telnet login is going to give you a shell prompt.

What sort of shell prompt do you get with telnet:bbsmates.com or any of the other telnet-BBSs out there? I would think that while such sites aren't a lot better than non-https: password-protected sites, they at least divvy the password among different packets in such a way that one can't simply look for packets containing a string like "&password=foobar".

17 posted on 02/13/2007 8:09:25 PM PST by supercat (Sony delenda est.)
[ Post Reply | Private Reply | To 16 | View Replies ]

To: supercat
If you're confident that the shell presented (i.e., the BBS software) is reasonably secure, it's not horribly different from non-ssl passwords on websites (which are also an abomination IMO).

I wouldn't put any sensitive data on a computer open to the net that is running telnetd.

As for packet sniffing for passwords being easier on non-ssl websites, that might well be true if you don't have very sophisticated sniffing tools. I'm pretty sure that with wireshark, (i.e. tcpdump), you can tell it to show "sessions" where a dialogue between two systems is highlighted, making  the login pretty much stand out almost as well.

23 posted on 02/14/2007 6:53:08 AM PST by zeugma (MS Vista has detected your mouse has moved, Cancel or Allow?)
[ Post Reply | Private Reply | To 17 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson