panix.com hijacked
Justin
justin-cypherpunks at soze.net
Tue Jan 18 11:54:05 PST 2005
On 2005-01-16T09:46:28-0500, R.A. Hettinga wrote:
> On Sun, 16 Jan 2005 Valdis.Kletnieks at vt.edu wrote:
> > On Sun, 16 Jan 2005 01:32:46 EST, Henry Yen said:
> > >
> > > . panix.net usable as panix.com (marcotte) Sat Jan 15 10:44:57 2005
> >
> > So let's see.. the users will see this when they log into shell.panix.net
> > (since shell.panix.com is borked). Somehow that doesn't seem to help much.
>
> and the hijackers could be, potentially, running a box pretending to be
> shell.panix.com, gathering userids and passwds :(
Object lesson in why using replayable passwords is not a good idea.
Allah invented nonce-based password hashes and public key crypto for a
reason.
--
"War is the father and king of all, and some he shows as gods, others as
men; some he makes slaves, others free." -Heraclitus Kahn.83/D-K.53
More information about the cypherpunks-legacy
mailing list