Security Portal: Why do vendors ship us junk they wouldn't use?
Jul 05, 2000, 06:57
(Other stories by Kurt Seifried)
"This is something I have been thinking about off and on for a while. Why do vendors ship software that they themselves won't use? Most Linux vendors ship the same general packages - Sendmail for SMTP mail services, WuFTPD for FTP, Telnet for remote access and so on. The kicker, though, is that most of these vendors use different software on their servers...."
"It would be a cinch for non-U.S. distributions to include OpenSSH, and U.S.-based distributions could find several easy ways around it (e.g., ftp.redhat.de has up-to-date OpenSSH rpm's for most major releases of Red Hat Linux). If OpenSSH is not available during initial install (the user does not have access to a network, for example) it should be easy to obtain post-install. The OpenSSL and OpenSSH binaries combined are only around 1.1 megabytes; even on a slow dialup link, this download would take no more than 10 minutes (and I do mean a slow dialup link)."
"Telnet is completely broken. It cannot be fixed. Even the use of one-time password schemes still leaves Telnet vulnerable to session hijacking."