More security notes from the IETF. A couple responsible people watched all the traffic from people's laptops onto the Internet, and had a couple algorithms looking for password leaks. They found 2223 unique passwords. Some details:

• 1546 sniffed passwords were from HTTP


• 183 were from telnet


• One of the telnet sessions then opened a ssh (secure shell) connection, then used a root password which also got revealed


• 496 passwords were from email (mostly POP)


• 75 were from AOL IM

I'm sure many more would be found if a human were looking for passwords - the algorithms probably haven't had much work put into them to really find a lot of passwords.

Security is complicated. Systems are complicated. If IETF people can't get it right, how do we expect others to?