[CentOS] Server Hacked: Cpanel

Wed Aug 9 21:12:51 UTC 2006
Rodrigo Barbosa <rodrigob at darkover.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Aug 09, 2006 at 04:40:09PM -0400, William L. Maltby wrote:
> > Having to stop the passwords on plaintext (on the ISP side) always makes
> > me raise an eyebrow toward any place that offers CHAP as authentication.
> > Then again, I always use different passwords everywhere, so that is not
> > usually a big issue.
> 
> Same here, even in my own net (I have grandchildren: they can be
> "snoopy"). The darn trouble is trying to remember them all, including
> those for different 'net sites; all have a different password.
> 
> The plain text password didn't bother me so much as my connection was a
> dial-up Point-to-Point connection. One would need some special access to
> intercept.

CHAP authentication sends the "password" encrypted over the wire.
The problem is how it is stored on the ISP server.

[]s

- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE2k/TpdyWzQ5b5ckRAq9FAKCnzW8L67clVUcIrWxTrvTh8D4GgwCdHxaK
WmjnMxfweitzspfYdtft7OQ=
=6/wv
-----END PGP SIGNATURE-----
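
Added example, not part of the original message: a minimal Python sketch of the CHAP exchange as defined in RFC 1994 (response = MD5 over identifier, secret and challenge). It shows that the secret never crosses the wire, yet the authenticator must hold it in recoverable form to check the response. The class and function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """ISP side (hypothetical class). 'secrets' maps peer name -> stored value."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}   # peer name -> (identifier, challenge) awaiting a reply
        self.next_id = 0

    def challenge(self, name):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        value = os.urandom(16)          # fresh, unpredictable challenge each time
        self.pending[name] = (ident, value)
        return ident, value

    def verify(self, name, ident, response):
        issued = self.pending.pop(name, None)   # one-shot: a replay finds nothing
        if issued is None or issued[0] != ident or name not in self.secrets:
            return False
        # The stored value is fed straight into MD5, so it must be the secret itself.
        expected = chap_response(ident, self.secrets[name], issued[1])
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-secret"      # constructed sample value
    isp = Authenticator({"alice": secret})
    ident, value = isp.challenge("alice")
    on_wire = chap_response(ident, secret, value)     # all the peer transmits
    ok = isp.verify("alice", ident, on_wire)
    replay = isp.verify("alice", ident, on_wire)      # same bytes sent again

    # An authenticator that kept only a salted hash cannot rebuild the response.
    salt = os.urandom(8)
    hashed = Authenticator({"alice": hashlib.sha256(salt + secret).digest()})
    ident2, value2 = hashed.challenge("alice")
    hashed_ok = hashed.verify("alice", ident2, chap_response(ident2, secret, value2))
    return {"ok": ok, "secret_on_wire": secret in on_wire,
            "replay": replay, "hashed_store_ok": hashed_ok}
```
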