Sending plaintext passwords over public networks is a risky practice

Incident Date: January 2005
Incident Location: USA

Personnel at security company Intrusic Inc. recently monitored network traffic at an Internet Service Provider (ISP) for a 24-hour period. Their goal was to find out just how many passwords (presumably unencrypted) could be intercepted within that timeframe.

Their subsequent report indicates that they captured 4,466 passwords, while gathering an additional 103 passwords associated with corporate databases. Given the number of services that still transmit passwords unencrypted (such as POP3, FTP, Telnet, and plain HTTP), seeing 4,000+ passwords a day shouldn't be a shock.

But the database passwords are another matter. It is very disconcerting to see that either company administrators or applications are sending these passwords across the wire without any protection.

Story Sources

Title: Hackers use old-fashioned eavesdropping to steal data
Author: Gina Keating
Date: 1/24/2005
Publication: Reuters / USA Today
Publication Location: USA
Publication URL:


Copyright © 2016