While on the topic of password-sniffing anecdotes from conferences --
At the 2600-coordinated Beyond HOPE conference (NYC, 1997), it was made
very clear to users that passwords transmitted in-the-clear would be
sniffed. To hammer home the point, one participant in the Tiger Teaming
panel singled-out an unlucky telnet user, announcing a domain name and
hinting at the password over the loudspeaker system. It got a pretty good
laugh from the audience.
Perhaps that the kind of shock factor that's necessary to get people
(certain people, anyhow) thinking realistically about security. We even
considered sniffing passwords and hooking up a line printer in a central
location..... nah! :)
||| Dominick
- Re: references to password sniffer incident Phil Karn
- Re: references to password sniffer incident Tom Perrine
- Re: references to password sniffer incident Richard Guy Briggs
- Re: references to password sniffer incident Derek Atkins
- Re: references to password sniffer incident Phil Karn
- Re: references to password sniffer incident Jurgen Botz
- Re: references to password sniffer incide... Steve Schear
- RE: references to password sniffer incident Brown, R Ken
- Re: references to password sniffer incident Dominick LaTrappe
- Re: references to password sniffer incident Daniel J. Frasnelli
- Re: references to password sniffer incident Bill Frantz
- What's it worth? (Re: references to passw... Daniel J. Frasnelli
- Re: references to password sniffer incide... Dan Geer
- Re: references to password sniffer incident Peter Gutmann
