Date: Mon, 27 Feb 1995 22:00:31 +0100 From: Julian Howard Stacey <Julian.H.Stacey@regent.e-technik.tu-muenchen.de> To: hackers@freefall.cdrom.com, jkh@freefall.cdrom.com Cc: security@freefall.cdrom.com Subject: Re: key exchange for rlogin/telnet services? Message-ID: <199502272100.WAA05626@vector.eikon.e-technik.tu-muenchen.de>
next in thread | raw e-mail | index | archive | help
Jordan wrote: > you have no way of knowing > whether or not that password you just typed to log in to freefall was just > sniffed by the entire ..... .... > Should I be locked up by the NSA for even suggesting this? Nope, Welcome to the select group of the terminally paranoid :-) I've been paranoid long before I arrived on the Internet:- (yes, I know, long after you arrived :-) I've Always used one password for my `home' trusted boxes, and one or more other passwords for all the other hosts. I never (well, nearly never ;-) type my real home password through any telnet or shell or rlogin or even microprocessor coms box (inc. PC running kermit as a vt100 emulator) toward my `home' boxes, Instead I always ftp out from my home boxes toward the less secure boxes. Of course this strategy doesn't help your problem, except to know there are others out here equally paranoid (but you knew that anyway ;-) Back in '78 we were joking just how how easy it would be to grab root access, 2 M6800 assembler coding hours later ... we had. Back in '95 (yeah now ;-) Newsweek edition of Feb 27th, Page 37 tells how Tsutomu Shimomura `led the Feds to' [cracker Kevin] Mitnick's door. (In fact much of the Newsweek issue is taken up with Internet this week). Welcome to paranoid reality :-) PS Here's an interesting security doc to browse: ftp.informatik.tu-muenchen.de:/pub/comp/networking/security-doc " This is the complete text for SRI Information and Telecommunications Sciences and Technology Division Technical Report ITSTD-721-FR-90-21. " I view it with groff & ghostview, I've hacked up a much enhanced Makefile (PD) to make viewing easier. --- Julian Stacey <jhs@freebsd.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199502272100.WAA05626>