web based utilities menu

Account Manager

security

Before being able to use the account manager, you must first log in with a usercode and password. Obviously, anybody who knows your password would be able to log in and make unauthorized changes to your account. It is for this reason that you should choose a good password, and protect it by not sharing it with anyone, or making it available to others in general. You should know, however, that it is possible to run a program called a "sniffer" which will reveal the contents of packets as they are sent across networks. This is significant because in general, most programs send your password to the server in plain text. (i.e. not encrypted in any way). Thus, anyone using a sniffer would be able to discover your usercode and password. A sniffer can be set up anywhere along the path from your computer to the server you are connecting to. You may be wondering how all this ties in with the account manager. If you use the terminal version of the account manager via a standard telnet connection, when you log in, your password will be sent across in plain text, and thus, can be sniffed. If you are concerned about this, you should use the terminal version via an SSH connection or the secure web version. To summarize:

Using this program to access this account manager would result in a connection that is...

web browser
(Internet Explorer, Netscape, etc.) web version encrypted
(check to make sure the little "lock" symbol appears at the bottom of the browser)

telnet client
(standard win9x/NT,UN*X telnet) terminal version plain text

SSH capable telnet client terminal version encrypted

A connection which is "plain text" means that, it would be physically possible for someone to sniff your usercode, password, and view your entire session as you use the account manager. An encrypted connection cannot be sniffed, and thus your usercode and password are safe from prying eyes.

Using this program	to access this account manager	would result in a connection that is...
web browser (Internet Explorer, Netscape, etc.)	web version	encrypted (check to make sure the little "lock" symbol appears at the bottom of the browser)
telnet client (standard win9x/NT,UN*X telnet)	terminal version	plain text
SSH capable telnet client	terminal version	encrypted
A connection which is "plain text" means that, it would be physically possible for someone to sniff your usercode, password, and view your entire session as you use the account manager. An encrypted connection cannot be sniffed, and thus your usercode and password are safe from prying eyes.

Note that in order for your connection to the terminal version of the account manager to be encrypted, you must be using an SSH capable telnet client, and you must log in using SSH. (Just because a client is capable of supporting SSH does not mean that it uses encrypted connections by default.) The standard telnet client included with Windows 9x/NT does not support SSH. If you are interested in having your connection encrypted via SSH and you are running Windows 9x/2000/NT, we recommend T. Teranishi's excellent Tera Term Pro terminal emulator. You will also need Robert O'Callahan's TTSSH extension in order to give Tera Term Pro SSH capabilities. Both of the above are freeware. For more information about these programs or to download them for yourself, please visit their home pages:

Tera Term Pro - http://hp.vector.co.jp/authors/VA002416/teraterm.html

TTSSH - http://www.zip.com.au/~roca/ttssh.html