EXACTLY. You'd think Above.Net would realize this. And maybe not use the SAME password everywhere, and permit some 12 year old to put all of our livlihood at risk. This was so easily done with ONE sniffed password, I hope that everyone takes a second look at their own security procedures. Dont you? --- dhudes@hudes.org wrote:
the whole issue you raise is password management, long since addressed in the UNIX world and supported by cisco routers: Kerberos.
On Fri, 28 Apr 2000, Exiled Dave wrote:
I guess by now everyone knows what happened. Paul, can you share some info with the rest of us about what the
was so we can "plug the
hole"?
"Plug the hole" was a figure of speech. You
MFN/Abovenet suspected a way in which other
much all know that if providers were vulnerable, we'd
have shared that information with you (privately) by now. -- Paul Vixie <vixie@mibh.net> SVP for Internet Services, MFNX
HAHAHA the reason no other provider is vulnerable is because no other provider with half a clue has the same simple login and enable "p4ssw0rds" on all their switches, and internal machines in
sjc facilities on hubs. What does one expect will happen when their switch passwords become public knowledge? The funny thing is the passwords were originally sniffed by MafiaBoy.
There's no need to "privately" share a fix/hole in this case. The ENTIRE problem here, is above's total inability to secure their own switches. And it SHOULD be public. People who control
vulnerability pretty their literally
MILLIONS OF DOLLARS of other people's data per second NEED to learn, that CORE NETWORKS NEED TO BE PROTECTED. (i.e. CHANGING PASSWORDS, NOT PERMITTING "COMMON PASSWORDS") I hope we ALL learn a lesson from this.
__________________________________________________ Do You Yahoo!? Talk to your friends online and get email alerts with Yahoo! Messenger. http://im.yahoo.com/
__________________________________________________ Do You Yahoo!? Talk to your friends online and get email alerts with Yahoo! Messenger. http://im.yahoo.com/
participants (1)
-
Exiled Dave