Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] SuSE security reputation, etc..
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Sat, 5 Aug 2000 19:03:00 -0600
  • Message-id: <001f01bfff42$1144a8e0$6900030a@xxxxxxxxxxxx>
> > This is how I understand it.
> > Even though the root passwd is encrypted on the box it is still sent
> > accross the wire in plain text, therefore sniffable.
> >
> Maybe you cam to the thread ot of sequence? What I meant was, during
> an SSH session, the su root password is encrypted across the wire.
> Pretty much the only places it is plaintext are the keyboard driver
> and login/pam.
> But my point was that if your user password is sniffed from a
> POP session, then leet can sprinkle your path with trojans, which
> might sniff your su password and steal it.
> Thats all. dproc

Check out the May edition of SysAdmin Magazine, Crypto 101, I cover how to
SSL wrap POP/IMAP and related things.

Kurt Seifried
SecurityPortal, your focal point for security on the net

< Previous Next >