1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

War stories: just shut off telnet

Discussion in 'CSO' started by RSS, Oct 7, 2016.

  1. RSS

    RSS New Member Member

    Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties that was stamped as verified by a third party intermediary. Pretty basic stuff but, in the 90s it was rather neat. One of the things that I discovered was that I could issue junk commands to the application simply by launching a telnet client and connecting to the “encrypted” listening port.

    Yeah, that was how the developers described it. I smiled. I was able to get the application to answer various queries that, by the documentation, should have only been possible using the client application that was purpose built for said task. The client and server were supposed to have some manner of key exchange but, it did not work as advertised.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page