[4483] in cryptography@c2.net mail archive
Re: references to password sniffer incident
daemon@ATHENA.MIT.EDU (Dominick LaTrappe)
Thu Apr 8 23:30:52 1999
Date: Thu, 8 Apr 1999 21:10:02 -0400 (EDT)
From: Dominick LaTrappe <seraf@2600.com>
To: cryptography@c2.net
While on the topic of password-sniffing anecdotes from conferences --
At the 2600-coordinated Beyond HOPE conference (NYC, 1997), it was made
very clear to users that passwords transmitted in-the-clear would be
sniffed. To hammer home the point, one participant in the Tiger Teaming
panel singled-out an unlucky telnet user, announcing a domain name and
hinting at the password over the loudspeaker system. It got a pretty good
laugh from the audience.
Perhaps that the kind of shock factor that's necessary to get people
(certain people, anyhow) thinking realistically about security. We even
considered sniffing passwords and hooking up a line printer in a central
location..... nah! :)
||| Dominick
