On Thursday 28 May 2009 02:34:02 pm Wojciech Puchar wrote:

> And yes - i do log as root by "insecure" rsh and telnet.

OK, I'm now promoting you to "batshit insane".  Seriously, there's no excuse 
for running telnet - even in a "secure" (ha!) environment - when so much 
better alternatives exist.

Let me shoot you a hypothetical: your webserver gets compromised.  The 
intruder uses a little ARP poisoning to launch a MITM attack between your 
workstation and the database server.  He comes back a couple hours later and 
uses your plaintext root password to make a backup of your database for his 
personal use.

Oh, but that could never happen to you, because you run a PtP VPN between 
every pair of machines on your network, said network being separated from the 
Internet by a 2 meter air gap and a Doberman Pinscher.

Seriously, using telnet today is flat-out stupid, and I'd fire you in a second 
if you brought that level of bullheaded incompetence into my company.

Kirk Strauser
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to