Date: Wed, 15 Aug 2001 12:37:47 +0300 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: Greg Lehey <grog@FreeBSD.ORG>, Ryan Thompson <ryan@sasknow.com>, William Nunn <yorkie123@hotmail.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Remotely Exploitable telnetd bug Message-ID: <20010815123747.B70885@sunbay.com> In-Reply-To: <002501c1256a$e846ce00$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Wed, Aug 15, 2001 at 02:16:03AM -0700 References: <20010815103807.D47417@sunbay.com> <002501c1256a$e846ce00$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 15, 2001 at 02:16:03AM -0700, Ted Mittelstaedt wrote: > > >POP3 (RFC1725) supports the APOP command, which avoids the transmission > >of clear-text passwords over an insecure environment. Also, various > >other authentication schemes are supported, see RFC1734 for details. > > > > APOP is not supported by Outlook 98 or earlier or Eudora 4.3 or earlier. > It's probably also not supported by most UNIX mail clients either except in > the very latest versions. > Outlook Express supports it: http://support.microsoft.com/support/kb/articles/Q302/1/12.ASP > >There are security extensions exist for FTP, see RFC2228 for details. > >lukemftpd (currently in contrib/lukemftpd) is going to support these, > >AFAIK. > > > > It's going to be many years before even a quarter of the FTP clients in use > out there support these. > Umm, from where did you get this (pessimistic) heuristics? :-) Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010815123747.B70885>