Kerberos holes (was Re: IPSEC == end of firewalls)
On Tue, 23 Jan 1996, Frank Willoughby wrote:
> At 10:30 AM 1/23/96 -0500, [email protected] allegedly wrote:
> >
> >Frank Willoughby writes:
> >> While IP level security & authentication will go a long way to help
> >> prevent abuses and reduce unauthorized accesses, I doubt if it will
> >> provide enough protection by itself.
> >
> >I agree with this, but...
> >
> >> o Node Spoofing will probably still be possible
> >
> >Nope. It won't.
> >
> I disagree. I haven't met a system that couldn't somehow be gotten around.
> The creativity of hackers is succeeded only by their motivation and ability
> to put many hours into trying to solve a problem. Including the word
> "probably" was deliberate. Kerberos was also thought to be secure - 'til
> it was compromised. Software isn't bug-free & design or security
> methodologies can't provide 100% coverage. Hackers take advantage of
> this and inherent weaknesses in design flaws.
Clearly.
I keep hearing references to weaknesses in Kerberos, which I more or less
rely on. What are the problems I should be worrying about? Preferably as
URLs.
Also, we have a new Kerberos implementation for Macs that we're going to
roll out soon. I'll see if the project manager would be willing to let
other people take a look at it.
-rich