Solaris Telnet 0-day vulnerability
philos writes "According to SANS ISC, there's a vulnerability in Solaris 10 and 11 telnet that allows anyone to remotely connect as any account, including root, without authentication. Remote access can be gained with nothing more than a telnet client. More information and a Snort signature can be found at riosec.com. Worse, this is almost identical to a bug in AIX and Linux rlogin from way back in 1994."
I wasn't aware that Solaris was really that popular.
(rot13) rpbzbab@tznvy.pbz
Jackass.
That's like saying, "If you have a million dollars in the bank it should be stored in a safe, but if you have ten thousand dollars in your house, it's okay to put it in your sock drawer." Just because the stakes are lower at home doesn't mean you can't have serious issues.
Security best practices are the same whether you're talking about securing your home network or a military network, and while encrypting your hard drive may be overkill on a home network, disabling extra network services and using the more secure of two protocols is only common sense.
Worst of all, you're building work habits that revolve around insecure protocols. When you telnet to a machine, you're sending your login information over an unencrypted connection, and this should never happen. It's just foolish.
ad logicam: Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.