Re: [[cobalt-users] Server Hacked?]

[Joe Kerns <joe@xxxxxxxxxxxxx>]

> From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
>
> In case anyone's planning to take me up on the offer, it was actually made
> tongue-in-cheek; I don't want to try to break into anyone else's
> system(s).  The liability is too great.
>
> Jeff

Come on, please, we want a play-by-play!

I think it would be wise of us all to take note of security issues that are raised and do what we can to implement
a fix or protect against these risks, a laissez-faire (sp?) attitude of "Well, 15 GaBillion people had my root
password, but they were all cool enough not to F&*( with my machine so it must be OK" is not a wise decision. Too
many of those script-kiddies everyone refers to.

If this many people say telnet is bad, then log into your machine as one of your users and see what you can do. I
guess by giving telnet access your essentially letting someone sit down at your computer and saying have at it.
Even if the person that you give access to has the most integrity and is your best-friend, was highly competent,
and would never screw you, it doesn't matter because anyone that knows anything can listen for your best bud to
login via telnet, swipe the username/pw and their off. Maybe all these people have a point...

Joe

BTW, I turned off telnet a long time ago after installing ssh 1.22.27 (I think)