[Info-vax] DECUServe is a Hobbyist Chapter
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Jul 4 22:10:42 EDT 2020
On 2020-07-04 20:50:49 +0000, Phillip Helbig (undress to reply said:
> In article <rdqgkm$1lkg$1 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?=
> <arne at vajhoej.dk> writes:
>
>> On 7/3/2020 1:31 AM, Phillip Helbig (undress to reply) wrote:
>>> In article <rdlktg$rmb$1 at dont-email.me>, Stephen Hoffman
>>> <seaohveh at hoffmanlabs.invalid> writes:
>>>> That "the world's most secure operating system" still has telnet, FTP,
>>>> and DECnet available in its network configuration certainly belies the
>>>> claim.
>>>
>>> There is some confusion here. The problem with telnet is that the
>>> password and the connection itself are in clear text. Once the user is
>>> logged in, it is no different from SSH as far as VMS is concerned. So
>>> telnet cannot compromise VMS any more than SSH can.
>>
>> Then encryption is needed for the entire session not just for sending
>> the password.
>>
>> There may be other confidential information than password transferred
>> over the wire.
>>
>> And there is also the risk of malicious input being injected.
>
> How is that a bigger problem with telnet than with ssh?
Read the following about telnet security:
https://en.wikipedia.org/wiki/Telnet#Security
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list