Sending plaintext passwords over public networks is a risky practice
Incident Date: January 2005
Incident Location: USA

Personnel at security company Intrusic Inc. recently monitored network traffic at an Internet Service Provider (ISP) for a 24-hour period. Their goal was to find out just how many passwords (presumably unencrypted) could be intercepted within that timeframe. Their subsequent report indicates that they captured 4,466 passwords, while gathering an additional 103 passwords associated with corporate databases.

Given the number of services that still rely on transmitting unencrypted passwords (such as POP3, FTP, Telnet, normal HTTP), seeing 4,000+ passwords a day shouldn’t be a shock. But the database passwords are another matter. It is very disconcerting to see that either company administrators or applications are sending these passwords across the wire without any protection.

Story Sources
Title: Hackers use old-fashioned eavesdropping to steal data
Author: Gina Keating
Date: 1/24/2005
Publication: Reuters / USA Today
Publication Location: USA
Publication URL: http://www.usatoday.com/tech/news/computersecurity/2005-01-24-hackers-listening-in_x.htm

Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.