- 1546 sniffed passwords were from HTTP
- 183 were from telnet
- One of the telnet sessions then opened a ssh (secure shell) connection, then used a root password which also got revealed
- 496 passwords were from email (mostly POP)
- 75 were from AOL IM
I'm sure many more would be found if a human were looking for passwords - the algorithms probably haven't had much work put into them to really find a lot of passwords.
Security is complicated. Systems are complicated. If IETF people can't get it right, how do we expect others to?
No comments:
Post a Comment