sftp is a secure file transfer that runs on top of ssh. I think. Check the man pages.

Rob

-----Original Message-----
From: Boris Mann [mailto:boris at bmannconsulting.com]
Sent: Friday, January 24, 2003 9:31 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] News Item: Major Security Flaw in CVS

But of course, everyone knew that telnet is *inherently insecure*, so never used it for anything mission critical.

<tip type="Security" author="Boris Mann">
Both telnet and FTP send passwords in the clear. Telnet is easily replaced by SSH (and for the most part has been), but FTP is a little harder to wean yourself from. WebDAV is a nice replacement, as are various flavours of SSL-protected FTP.
</tip>

--
Boris Mann
http://www.bmannconsulting.com

On Friday, January 24, 2003, at 05:07 AM, Jason Handby wrote:

>> We could go on and on debating the various merits of both open source
>> and commercial software, but when it comes to overall product security
>> and the speed at which vulnerabilities are repaired, OSS has the
>> commercial world beat by a long shot. Remote exploits go unfixed for
>> *months* in the world of big, expensive applications. Rarely (if ever)
>> is that the case with OSS.
>
> The famous exception, of course, being the vulnerability in all
> BSD-derived versions of telnetd (the UNIX/Linux telnet daemon). This
> buffer overrun had existed for years before anyone noticed it was there.
>
> http://www.cert.org/advisories/CA-2001-21.html
>
> I wonder if that points up a weakness with the open-source code review
> process: people only spend time looking at code that's cutting-edge or
> "sexy", and telnetd clearly isn't sexy... At Microsoft (for example)
> programmers don't revisit and re-examine code because it's sexy; they
> do it because they're paid to. This might mean it's not done as
> thoroughly or as fast in many cases, but perhaps it guarantees that
> it's actually done at all!
>
> Jason
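
The tip quoted above says FTP sends passwords in the clear and names SSL-protected FTP as a replacement. As an added example (not part of the original thread), this audit walks a captured FTP control-channel transcript and reports any `PASS` command visible before a successful `AUTH TLS`, including the case where the server rejects TLS and the client falls back. The session data, the host name and the `audit_ftp_session` helper are constructed for illustration.

```python
import re

# Constructed sample captures of FTP control-channel traffic (RFC 959 commands).
# "C:" is client to server, "S:" is server to client. Not from the thread.
PLAIN_SESSION = [
    "S: 220 ftp.example.test ready",
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS hunter2",
    "S: 230 Login successful",
]
TLS_SESSION = [
    "S: 220 ftp.example.test ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    # After 234 the channel is encrypted, so a capture shows no more commands.
]

CMD = re.compile(r"^C: (?P<verb>[A-Za-z]+)(?: (?P<arg>.*))?$")
REPLY = re.compile(r"^S: (?P<code>\d{3})[ -]")


def audit_ftp_session(lines):
    """Return one finding per password readable in the captured transcript."""
    findings = []
    auth_pending = False  # True between an AUTH command and the server's reply
    user = None
    for number, line in enumerate(lines, start=1):
        reply = REPLY.match(line)
        if reply:
            if auth_pending and reply["code"] == "234":
                break  # TLS negotiated: nothing after this point is readable
            auth_pending = False  # AUTH refused (e.g. 502): still cleartext
            continue
        cmd = CMD.match(line)
        if not cmd:
            continue
        verb = cmd["verb"].upper()
        if verb == "AUTH":
            auth_pending = True
        elif verb == "USER":
            user = cmd["arg"]
        elif verb == "PASS":
            # Record the exposure, never the password itself.
            findings.append({"line": number, "user": user,
                             "password_length": len(cmd["arg"] or "")})
    return findings
```
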