On Wed, 25 Apr 2001, Rob Hudson wrote:
> Should it be a concern? Seems like Stallman thinks one shouldn't
> worry about it. Seems to me it is equivalent to telnetting, which is
> considered bad b/c everything is in the clear.
Yes, its very much a concern. Anyone along any point to the destination
server could sniff your traffic, and thus your passwords. I personally do
not use telnet at all, and rarely use FTP, if ever. When you have some
time, install dsniff and run it on a busy network, and see how many
passwords it rips off of the wire. If that doesn't scare you, nothing will
:-).
Stallman is wrong, in this case, and I'm suprised he would say something
like that, anyhow, some suitable replacements:
rsh,rlogin,telnet -----> SSH (I recommend the latest OpenSSH)
ftp,rcp -----> scp/sftp from the OpenSSH package (sftp is a SSH2
thing, and is a bit more convenient than scp)
POP3,SMTP, even -----> SSH (the port forwarding capabilities), anything
tunneled telnet ;) TCP
Everyone's got something to hide (even if it's just their passwords, and
everyone should have the right to privacy, even if they aren't doing
something illegal.
jakob :-)
