[rt-users] Security risk! Passwords can be compromised!
Dave Sherohman
dave at sherohman.org
Tue Feb 3 10:43:53 EST 2009
On Tue, Feb 03, 2009 at 04:25:04PM +0100, Andreas Heinlein wrote:
> Dave Sherohman schrieb:
> > Fair point, but I still see a significant difference between "turn on
> > this switch and we'll hand you the passwords in a log file" and the
> > various methods you mention, any of which would require some degree of
> > skill and/or effort to implement.
> aptitude install dsniff
> dsniff -i eth0 > passwords.txt
>
> That's it, basically ;-)
> (when run on the RT server)
Yup. I didn't say it would be a *large* degree of skill or effort
involved. :)
(And, personally, I prefer ngrep. Something like
ngrep -d eth0 password dst port 80 > passwords.txt
wouldn't capture nearly as much random traffic along with the
passwords.)
--
Dave Sherohman
NomadNet, Inc.
http://nomadnetinc.com/
More information about the rt-users
mailing list