Re: Macintosh Web Server Issues

• To: www-security@ns2.Rutgers.EDU
• Subject: Re: Macintosh Web Server Issues
• From: Alex Lange <alex.Lange@sanjose.vlsi.com>
• Date: Tue, 14 May 1996 10:12:29 -0700
• Organization: VLSI Technology, Inc.

David Ray wrote:

> (1) By far the most common Mactintosh security hole is NCSA Telnet's
> built-in FTP server. A lot of people configure it to allow connections with
> no passwords required. Your whole hard drive is at risk. Just make sure you
> turn off the FTP server if you use this software.

Or, perhaps configure NCSA's Telnet FTP service to use specific
usernames and passwords, which it can be set up to do... ?

This same comment could be made about commercial TCP/IP client packages
for the Mac, such as TCP/Connect (which looks like NCSA Telnet pretty
much, BTW, but does _not_ have a username/groupname definition
capability that NCSA'a product does--not that I can see anyway) or
others.  It is not a flaw in NCSA's products. (I'm sure David Ray didn't
intend that implication, anyway.)

--
Alex
----
Alex Lange, Webmaster
VLSI Technology, Inc.     Plus dur que dyamant,      Alex.Lange@VLSI.com
1240 McKay Dr. MS 04   mais doux comme un bayser.           408-474-5011
San Jose CA 95131                                       FAX 408-922-5123

• Previous: Simulated attack on Unix webserver
• Next: Re: Macintosh Web Server Issues
• Index(es):
  • Index
  • Thread