Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Localhost connection refused



on 01:40 2001/07/09 +0900, Jonathan Q wrote
>I have to take serious issue with this.
>
>Scott (scottro@example.com) wrote:
>
> > on 15:39 2001/07/08 +0900, Glenn Evanish wrote
> >
>
> > I'm going to modestly recommend mine  :)
>
>Modesty is certainly called for.  Telling people
>that telnet is not a security problem is a real disservice and
>quite inaccurate.  Telling people how to enable telnet is also
>a disservice.


Hrmm--I'd have to argue that--at the beginning I comment that there are 
security issues with allowing telnet, so that it's being disabled by 
default is not necessarily a bad thing.  At the end of the page I reiterate 
that there are security issues with allowing it.

>You state:
>
>-----
>A quick interjection on ssh here--many people say, telnet is insecure, use 
>ssh instead.  Although ssh encrypts user names and passwords, those who 
>know a lot about these things tell me that it doesn't offer a great deal 
>more security than telnet. So, if you have ssh running, don't sit back and 
>be sure that you're secure.
>----
>
>Would you like to explain to us all how sending an encrypted sessions is not
>worlds more secure than sending a complete clear-text sessions, password
>and userid included?
>
>To state that ssh doesn't offer a great deal more security than telnet
>is just plain false.  Putting up a page that states that is
>irresponsible, at best.


Again, I think that the statement is accurate.  I am ~not~ an expert on 
security--I However, the point is this--the page is designed for 
beginners.  I don't want the beginner saying, ah, I have SSH not telnet, 
therefore I'm totally safe.  I could change the line to read, although it 
offers a great deal more security than telnet, etc. but upon consideration, 
would rather leave it as it is.

The reason for this is stated in the last paragraph.  Let the beginner be 
more worried about security and investigate it further for themselves.

Although, after reading your email,  I think you are right that I do not 
sufficiently  emphasize the security risks. I have added a warning, (in 
boldface no less :)  ) at the beginning, reading
Warning: Allowing telnet can have serious security implications. Please 
take some time to investigate this before enabling it on your machine.

Scott










Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links