[Info-vax] DECUServe is a Hobbyist Chapter
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Sat Jul 4 16:50:49 EDT 2020
In article <rdqgkm$1lkg$1 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?=
<arne at vajhoej.dk> writes:
> On 7/3/2020 1:31 AM, Phillip Helbig (undress to reply) wrote:
> > In article <rdlktg$rmb$1 at dont-email.me>, Stephen Hoffman
> > <seaohveh at hoffmanlabs.invalid> writes:
> >> That "the world's most secure operating system" still has telnet, FTP,
> >> and DECnet available in its network configuration certainly belies the
> >> claim.
> >
> > There is some confusion here. The problem with telnet is that the
> > password and the connection itself are in clear text. Once the user is
> > logged in, it is no different from SSH as far as VMS is concerned. So
> > telnet cannot compromise VMS any more than SSH can.
>
> Then encryption is needed for the entire session not just
> for sending the password.
>
> There may be other confidential information than password
> transferred over the wire.
>
> And there is also the risk of malicious input being injected.
How is that a bigger problem with telnet than with ssh?
More information about the Info-vax
mailing list