On Thu, 14 Mar 2002, Rick Warner wrote: > > > On Thu, 14 Mar 2002, David Talkington wrote: > > > Leaving aside for a moment the fact that the Sun admin needs his/her > > head checked for having telnet open in the first place (it appears > > that the telnet buffer overflow from last summer was patched ... in > > _January_), you should probably try 'export TERM=vt100' before > > connecting and see if that helps. > > > > If, on the other hand, it is you that administers this Sun box, then > > *thwap* to you for not killing telnet ages ago. > > Nothing wrong with telnet in a firewalled environment, unless you are > worried about your users. OpenSSH has had a much more checkered security > history in the past few months. Recently: the issue last week with > multiple channels, then the zlib issue announced yesterday. Two upgrades > in one week for security issues! Now which protocol is the bigger security > threat? Think the answer is equivocal at this time.
The openssh issue was fixed by a one line patch, indeed a single character change, which because of the "open" nature of the source could be applied by anyone with a text editor and the ability to type. The zlib issue was apparently very difficult to exploit. I think the chief danger with SSH is that using it can engender a kind of complacency with regard to security. On the other hand, the chief weakness of telnet is that it's crap in comparison with SSH for many reasons other than security. > - rick - _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
