Sending plaintext passwords over public networks is a risky practice
Incident Date: January 2005
Incident Location: USA
Personnel at security company Intrusic Inc. recently monitored network traffic at an Internet Service Provider (ISP) for a 24-hour period. Their goal was to find out just how many passwords (presumably unencrypted) could be intercepted within that timeframe.
Their subsequent report indicates that they captured 4,466 passwords, while gathering an additional 103 passwords associated with corporate databases. Given the number of services that still rely on transmitting unencrypted passwords (such as POP3, FTP, Telnet and plain HTTP), seeing 4,000+ passwords a day shouldn’t be a shock.
But the database passwords are another matter. It is very disconcerting to see that either company administrators or applications are sending these passwords across the wire without any protection.
Title: Hackers use old-fashioned eavesdropping to steal data
Author: Gina Keating
Publication: Reuters / USA Today
Publication Location: USA
Publication URL: http://www.usatoday.com/tech/news/computersecurity/2005-01-24-hackers-listening-in_x.htm