On Nov 24, 2014, at 11:04 AM, Les Mikesell <lesmikes...@gmail.com> wrote:

> On Mon, Nov 24, 2014 at 11:38 AM, Leon Fauster
> <leonfaus...@googlemail.com> wrote:
>> 
>> best practice is to not use clear text protocols anymore.
> 
> Umm, yeah.   Encrypted protocols would never be compromised….

That’s absolutist thinking.  There is no such thing as absolute security.

There is, however, such a thing as illusory security.  in.telnetd is a fine 
example of this.

Study the OpenSSH list of fixed security problems:

   http://www.openssh.com/security.html

I see only three that are attacks against the protocol itself, which is all 
that’s within the scope of argument here.  Everything else is an attack on some 
other part of the system which would apply to other programs, regardless of 
encryption.

(e.g., A buffer overflow is a buffer overflow whether encrypted or not.)

Regardless, that list is pretty short for such a popular, security-focused 
15-year-old program.

Now compare telnet: always vulnerable, all the time, since the day it was 
created, before most of the people on this list were born:

   http://tools.ietf.org/html/rfc15
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
