Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 01:26:02PM +, Jacob Meuser wrote: You could install the Cygwin package for windows. It has ssh-2.3.0 and sftp I believe. Look for any of the following on google -- * putty: a 200K single exe file for windows. Does ssh, telnet, xterm emulation, but no port forwarding. No DLLs, stick it on a floppy and it just works. GPL. * pscp: same author as putty, 200K single exe for windows. does scp. * ttssh: ssh extension for TeraTerm Pro. Considerably larger than putty, but does port forwarding, X forwarding, and has more features like printing. For Macs: * niftytelnet with ssh: no port forwarding, but everything else is pretty good. For Java: * mindterm: runs on Windows Mac, and probably others (Macs require using jbindery to turn a java class file into a recognizable executable). Does port forwarding, and can even be run inside a browser. -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
I ssh from my Windows 2000 machine at work to my Debian machine at home. You just need the proper client. There are free ones out there for Windows. From: Adam Spickler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: how secure is mail and ftp and netscape/IE??? Date: Wed, 21 Feb 2001 15:40:05 -0500 What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use "Mutt" to deal with email. ...adam On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote: Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the "hackers watchdog" group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 01:26:02PM +, Jacob Meuser wrote: You could install the Cygwin package for windows. It has ssh-2.3.0 and sftp I believe. Look for any of the following on google -- * putty: a 200K single exe file for windows. Does ssh, telnet, xterm emulation, but no port forwarding. No DLLs, stick it on a floppy and it just works. GPL. * pscp: same author as putty, 200K single exe for windows. does scp. * ttssh: ssh extension for TeraTerm Pro. Considerably larger than putty, but does port forwarding, X forwarding, and has more features like printing. For Macs: * niftytelnet with ssh: no port forwarding, but everything else is pretty good. For Java: * mindterm: runs on Windows Mac, and probably others (Macs require using jbindery to turn a java class file into a recognizable executable). Does port forwarding, and can even be run inside a browser. -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
I ssh from my Windows 2000 machine at work to my Debian machine at home. You just need the proper client. There are free ones out there for Windows. From: Adam Spickler [EMAIL PROTECTED] To: debian-security@lists.debian.org Subject: Re: how secure is mail and ftp and netscape/IE??? Date: Wed, 21 Feb 2001 15:40:05 -0500 What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use Mutt to deal with email. ...adam On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote: Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com
RE: how secure is mail and ftp and netscape/IE???
-Original Message- From: Mike Renfro [mailto:[EMAIL PROTECTED] Behalf Of Mike Renfro Sent: Thursday, February 22, 2001 7:30 AM To: debian-security@lists.debian.org Subject: Re: how secure is mail and ftp and netscape/IE??? [...] * ttssh: ssh extension for TeraTerm Pro. Considerably larger than putty, but does port forwarding, X forwarding, and has more features like printing. [...] Just as a note here, I've had good luck with port forwarding and VNC using ttssh. Also, between TeraTerm, ttssh and VNC, you can fit them all on a floppy.
Re: how secure is mail and ftp and netscape/IE???
What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use "Mutt" to deal with email. ...adam On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote: Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the "hackers watchdog" group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. Normal POP/IMAP mail checking is completely vulnerable to sniffing. However, I believe Eudora supports IMAP over SSL. I don't actually *use* Eudora, mind you, but I was told just the other day that it does. 2. Cute ftp is not secure yet, but should be soon. There really isn't any standard secure FTP. In the case of SSH, you've got something that's available almost everywhere and has a well defined protocol. While there may be SSL enabled FTP server or clients, I don't think there's any standard for interoperability. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE You could always install an https server in place of the standard unencrypted http server. That's the only way to prevent your username/password from being sent in plaintext. Note that you'll probably want to contact a certificate authority (CA) like Verisign or Thawte and have them handle signing your certificate and stuff. Otherwise people will get a nasty warning when accessing your https site (at least, people using decent web browsers). Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Yup. Especially if you're sending a password that allows access to sensitive stuff. Basically, you should just not be doing it in plaintext. Secure replacements do exist for most services, and when they do, you should use them. When they don't, you should be careful to set things up so that any usernames/passwords going over the network are not going to allow access to sensitive data. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html PGP signature
Re: how secure is mail and ftp and netscape/IE???
Yes, you should be concerned. Now-a-days most people are using SSH for all communication. It's really the way to go for remote access. Take a look at openssh.com for some more information. Plus it's free, and we like free. ;) From: Steve Rudd [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: how secure is mail and ftp and netscape/IE??? Date: Wed, 21 Feb 2001 15:13:43 -0500 Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the "hackers watchdog" group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 10:09:47PM +0100, Gaute Gullesen wrote: On Wednesday, February 21, 2001, 9:40:05 PM, Adam Spickler wrote: What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use "Mutt" to deal with email. you could tunnel the ftp connection through ssh. You could install the Cygwin package for windows. It has ssh-2.3.0 and sftp I believe. [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. Normal POP/IMAP mail checking is completely vulnerable to sniffing. However, I believe Eudora supports IMAP over SSL. I don't actually *use* Eudora, mind you, but I was told just the other day that it does. 2. Cute ftp is not secure yet, but should be soon. There really isn't any standard secure FTP. In the case of SSH, you've got something that's available almost everywhere and has a well defined protocol. While there may be SSL enabled FTP server or clients, I don't think there's any standard for interoperability. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE You could always install an https server in place of the standard unencrypted http server. That's the only way to prevent your username/password from being sent in plaintext. Note that you'll probably want to contact a certificate authority (CA) like Verisign or Thawte and have them handle signing your certificate and stuff. Otherwise people will get a nasty warning when accessing your https site (at least, people using decent web browsers). Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Yup. Especially if you're sending a password that allows access to sensitive stuff. Basically, you should just not be doing it in plaintext. Secure replacements do exist for most services, and when they do, you should use them. When they don't, you should be careful to set things up so that any usernames/passwords going over the network are not going to allow access to sensitive data. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgpcmOHeM9o9U.pgp Description: PGP signature
Re: how secure is mail and ftp and netscape/IE???
Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
Yes, you should be concerned. Now-a-days most people are using SSH for all communication. It's really the way to go for remote access. Take a look at openssh.com for some more information. Plus it's free, and we like free. ;) From: Steve Rudd [EMAIL PROTECTED] To: debian-security@lists.debian.org Subject: how secure is mail and ftp and netscape/IE??? Date: Wed, 21 Feb 2001 15:13:43 -0500 Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com
Re: how secure is mail and ftp and netscape/IE???
What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use Mutt to deal with email. ...adam On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote: Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited -
Re: how secure is mail and ftp and netscape/IE???
Somehow, I'm getting the impression you haven't taken this system offline, and properly either reinstall or definately fix what's wrong. That should be your first priority, if so. Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions:
Re: how secure is mail and ftp and netscape/IE???
On Wed, Feb 21, 2001 at 10:09:47PM +0100, Gaute Gullesen wrote: On Wednesday, February 21, 2001, 9:40:05 PM, Adam Spickler wrote: What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use Mutt to deal with email. you could tunnel the ftp connection through ssh. You could install the Cygwin package for windows. It has ssh-2.3.0 and sftp I believe. [EMAIL PROTECTED]
Re: how secure is mail and ftp and netscape/IE???
I use the iXplorer and putty. This does GUI scp, but it looks like GUI ftp. On Wed, 21 Feb 2001, Adam Spickler wrote: What about if you are going from a Windows box to a *nix box. Is there any way to do secure ftp transfers. Mail, for me is no problem. I ssh into my machines and use Mutt to deal with email. ...adam On Wed, Feb 21, 2001 at 05:29:11PM -0300, Pedro Zorzenon Neto wrote: Hi Steve, About sending plain text password and files with telnet and ftp: uninstall your 'telnetd' and 'ftp server' and install 'ssh' ssh is real secure and has two usefull commands: 'ssh' is a substitute for telnet and 'scp' is not the same thing, but substitutes ftp with some advantages read their manuals and compare. Bye Pedro On Wed, Feb 21, 2001 at 03:13:43PM -0500, Steve Rudd wrote: Hello! Steve here, Well I am one of the family now! My server is Debian 2.2r2. A benign hacker got me. All he seemed to do was overwrite my root index.html page and notify the hackers watchdog group to take responsibility for the act! I have some security questions: 1. How secure is it checking email with eudora pro, given they have not yet got ssh or any other system that is secure? Since outlook has ssh, is it worth switching for that? I use a separate user and password for mail and ftp. 2. Cute ftp is not secure yet, but should be soon. 3. Using netscape to port to private sections of the website: www.abc.com:1020/systemconfig/index.html (for example) I am asked for a user name and password via netscape/IE === Ok all these things are really transmitting my user name and password via plain text with no encryption. If I have sudo installed and a sniffer comes along, they have root access very easily! Should I be concerned about using email, ftp and IE ? Steve -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]