Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ABOVE.NET SECURITY TRUTHS?

  • From: Exiled Dave
  • Date: Fri Apr 28 15:26:12 2000


EXACTLY. You'd think Above.Net would realize this. 
And maybe not use the SAME password everywhere, and
permit some 12 year old to put all of our livlihood at
risk.

This was so easily done with ONE sniffed password, I
hope that everyone takes a second look at their own
security procedures. Dont you?

--- dhudes@hudes.org wrote:
> the whole issue you raise is password management,
> long since addressed
> in the UNIX world and supported by cisco routers:
> Kerberos.
> 
> On Fri, 28 Apr 2000, Exiled Dave wrote:
> 
> > 
> > 
> > > > I guess by now everyone knows what happened. 
> > Paul, can you share some info
> > > > with the rest of us about what the
> vulnerability
> > was so we can "plug the
> > > > hole"?
> > >
> > > "Plug the hole" was a figure of speech.  You
> pretty
> > much all know that if
> > > MFN/Abovenet suspected a way in which other
> > providers were vulnerable, we'd
> > > have shared that information with you
> (privately) by
> > now.
> > > --
> > > Paul Vixie <vixie@mibh.net>
> > > SVP for Internet Services, MFNX
> > 
> > HAHAHA the reason no other provider is vulnerable
> is
> > because no other
> > provider with half a clue has the same simple
> login
> > and enable "p4ssw0rds"
> > on all their switches, and internal machines in
> their
> > sjc facilities on
> > hubs. What does one expect will happen when their
> > switch passwords become
> > public knowledge? The funny thing is the passwords
> > were originally sniffed
> > by MafiaBoy.
> > 
> > There's no need to "privately" share a fix/hole in
> > this case. 
> > The ENTIRE problem here, is above's total
> inability to
> > secure their own switches.
> > And it SHOULD be public. People who control
> literally
> > MILLIONS OF DOLLARS of other people's data per
> second
> > NEED to learn, that CORE NETWORKS NEED TO BE
> > PROTECTED. (i.e. CHANGING PASSWORDS, NOT
> PERMITTING
> > "COMMON PASSWORDS")
> > I hope we ALL learn a lesson from this.
> > 
> > 
> > 
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Talk to your friends online and get email alerts
> with Yahoo! Messenger.
> > http://im.yahoo.com/
> > 
> 

__________________________________________________
Do You Yahoo!?
Talk to your friends online and get email alerts with Yahoo! Messenger.
http://im.yahoo.com/





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.