From: Ansgar Wiechers <[EMAIL PROTECTED]> On 2003-06-19 Chris Berry wrote: > From: Ansgar Wiechers <[EMAIL PROTECTED]> >> You do know, that by default Windows is using NTLM authentication for >> telnet, don't you? Of course that's not comparable to ssh, but it sure >> is a lot better than plaintext authentication. > > Thats totally true, but worthless. Authentication isn't the problem, > it's the transmission that's in the clear, so now you're sending your > loging name and password in cleartext. Sure, they're stored in NTLMv2 > format at the other end, but what does that matter if they just put a > sniffer on the wire?
if you had bothered trying before writing this, then you would know that this is simply not true. I fully agree that having the session data unencrypted is bad enough, but authentication is definitely not using plaintext anywhere.
Yes, and if you bothered to read the list, you'd know that I came back and appologized later along with a complete explanation from microsoft on how it works. It's still exploitable and not as good as SSH, but it is better than plaintext. *shrug* Learn something new every day I guess.
Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates
"Within every man beats a heart of darkness." --The Shadow
_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
