In <01GOI3BHJJ048WVYXW at beloit.edu> JONESBB at BELOIT.EDU writes:
>> text deleted...
>> Another point, if you think you are safe on you own Mac or IBM, you
> may not be. NCSA Telnet for the Mac allows you to open your drive for
> ftp by other users. If you use telpass to create accounts for your
> friends, then you are probably ok, subject to the discussion about
> passwords above. However, at least one version of Telnet was
> distributed with the FTP ENABLE menu item defaulting to ON. This means
> that if you have that version, have never bothered with telpass,
> and you use Telnet to connect to your local mainframe, you are open
> for someone to mess around on your hard disk. This is the only
> situation I have heard of in which the default settings allow invasion,
> but there may be others.
>> In addition, of course, if you choose the FTP ENABLE menu item, you
> can manually allow access to your hard drive using ANY version of
> Telnet, and if you have modified your telnet configuration file (named
> "config.tel" as I recall) then you might have opened your system as its
> default behavior.
>> more deleted...
>> Ben Jones, BioQUEST
Interesting point here re a Mac and the NCSA Telnet package. For
anyone who just discovered that 'config.tel' wasn't set up securely, don't just
edit that file and assume things are fixed. Note that if you've aready been
using NCSA, the program hase long ago read the original config file and then
created a file named something like 'NCSA Telnet Settings'. Once this file is
found upon NCSA startup, there is no reread of config.tel. So... NOTHING
changes after an edit to config.tel unless you also trash the settings file.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/ Michael J. Weise, Ph.D. \ Univ.of Ga. BioScience Computing Facility \
( weise at bscf.uga.edu \ Dept.of Genetics UGa, Athens GA 30602 )
\ _ _ _'Tis_only_me_speak'n._ _\_ _ _ _ _ _ _ (706) 542-1409_ _ _ _ _ _ _ /