× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2008

Re: Telnet concerns from auditors

A company in the Evansville Indiana *BASE User Group had an incident where
an "accounting lady" in the "HR dept" received an e-mail complaint allegedly
from the Better Business Bureau. She could not get it to open, she
forwarded it to co-workers, who could not get it to open either. So they
called the Better Business Bureau seeking clarification. No complaints
against the company. They forgot about it until the Bank inquired about
large withrawals being made against the company accounts in New York and
Nevada.

Turns out, their keystrokes were being captured, which included access to
the 400, setting up new employees in the Payroll system, e-commerce.

Basically anything an employee on a PC is authorized to do, the crooks now
can do, if the anti-malware firewall software is not 100% up to date, and
even then, when new trouble comes out, the anti-malware places only learn
defenses to send people after someone gets stung and reports it.

Jim Franz wrote
.. and it won't matter if public or private network...
Plus - this goes beyond authentication.
Sniffing the HR dept traffic, or Cashier app w/ card swipe,
whether telnet or browser based,
allows access to data bypassing the normal auth checks.
Sniffers are easily downloaded freeware.
Having said all that, I have yet to have a customer take
steps like SSL.

Jim Franz

----- Original Message -----
From: "David Gibbs" <david@xxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Friday, October 03, 2008 3:28 PM
Subject: Re: Telnet concerns from auditors

Charles Wilt wrote:
In all fairness, this risk is lower now than it used to be due to the
use of network switches.

Explain that to an auditor.
If they are raising flags because of unencrypted authentication on your
network ... then the presence of a switch (instead of a hub) isn't going
to mater one iota.
david


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options, visit:
http://lists.midrange.com/mailman/listinfo/midrange-l or email:
MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.


--
WOW! Homepage (http://www.wowway.com)


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.