Just because this is a wider problem doesn't mean that UO shouldn't be called on it. Why security hasn't been an issue is beyond me - how many systems do you know of that allow a user to login and have free reign ? usually they are restricted to what they can access & do by a menuing system of some sort that never allows standard users access to anything but allowed programs. If you're not worried about every shmoe with a password having access to your system why worry about session encryption ?
Gerry -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tony Gravagno Sent: Thursday, May 26, 2005 02:14 PM To: [email protected] Subject: RE: [U2] Uniobjects hack Well, let's not put this all on UO. Almost all of the connectivity tools in our market were written without any thought of security. It's generally assumed that if you have a valid password to the system that you are authorized to use whatever means available to get in. What I don't like is that some/most of the connectivity products in our market don't have any point to point encryption and pass all data in plain text - including user ID's and passwords. Tony Gravagno Nebula Research and Development TG@ removethisNebula-RnD .com Martin Phillips MartinPhillips-at-ladybridge.com |U2UG| wrote: > This is a hole in the Uniobjects security. ... > ... This seems to leave UV/Udt systems > that enable Uniobjects wide open to hacking. Try it! ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
