OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Buchan Milne (bgmilnecae.co.za)
Date: Fri Jan 18 2002 - 11:22:20 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Who was saying a while back that we didn't need any docs on ssl (btw I
    am working on some at the moment, watch this space)?

    We run everything which has a password (except squid authorisation,
    which I am not sure is possible) with encryption. POP, IMAP, LDAP,
    Webmail etc. We don't have telnet installed on any of our boxes. We only
    have anonymous ftp setup because that's the most secure option for doing
    network installs of Mandrake!

    I thought I was one of the less paranoid members of this list ;-)

    Buchan

    Tzafrir Cohen wrote:

    > Fully agree with what you wrote. Even mindterm does not make ssh available
    > for everyone, as not every station has ajava-enabled browser.
    >
    > On 18 Jan 2002, Bill Kenworthy wrote:
    >
    >
    >>I have also never figured out
    >>why all the evangelistic hooha over telnet when ftp and I think pop3 and
    >>imap essentially do the same thing - though this is starting to change.
    >>
    >>
    >
    > Imap is a bit less bad. I think that your password is not given in easy
    > plain text on the beginning of the session. I think it is obfuscated a bit
    > or something.
    >
    > You won't catch any of the anti-telnet guys using plain pop3 or
    > (non-annonymous) ftp. To replace ftp you have scp and sftp. pop3 and imap
    > can be carried over SSL. Imap can also use a chalange-response
    > authenticcation.
    >
    >
    >>For those of you using pop3 or imap to collect your mail from a remote
    >>server, fire up ethereal and have the delight of watching your password
    >>go out in plain text every fewminutes or so, as well as personal email
    >>coming back in plain ...
    >>
    >
    > Same goes for icq, and I suspect that for some other instant-messangers.
    >
    > 

    -- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering         http://www.cae.co.za

    For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net.  To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.