Thursday, November 21, 2002

More security notes from the IETF. A couple responsible people watched all the traffic from people's laptops onto the Internet, and had a couple algorithms looking for password leaks. They found 2223 unique passwords. Some details:

  • 1546 sniffed passwords were from HTTP

  • 183 were from telnet

  • One of the telnet sessions then opened a ssh (secure shell) connection, then used a root password which also got revealed

  • 496 passwords were from email (mostly POP)

  • 75 were from AOL IM

I'm sure many more would be found if a human were looking for passwords - the algorithms probably haven't had much work put into them to really find a lot of passwords.

Security is complicated. Systems are complicated. If IETF people can't get it right, how do we expect others to?

No comments:

Blog Archive

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.