Brief Rant

<rant>
Every blog should have a good rant, so I figured it was time for me. In my day job, we've got several application vendors who have these GIANT applications that require telnet and don't support SSH. Personally, I think these people should be ashamed of themselves. One of the applications is a big financial system used by our HR department. The vendor flat-out won't support SSH. Let me repeat that: financial system, supports only telnet, won't support SSH. Am I the only one who has run into this? Not only do they not support SSH, they have no plans to support SSH. How a major vendor can have an application like this that doesn't support SSH is beyond me. Once again, we have a case of people who clearly don't understand the ramifications of their security-related decisions. I mean, their software ain't exactly cheap and they have very specific requirements in terms of the hardware and OS and whatnot. Ok, fine...up to this point, their requirements, though not the requirements that I would use for an application, are not without merit. But they think that it is just fine that the financial information from their system is floating around the local network in clear text. Now our network is switched, so that makes it a little better. But still, it only took about 10 seconds using Ettercap to demonstrate to the folks here how terrifying this fundamental lack of security really is. Everyone was suitably shocked, yet nothing changes.
</rant>

There. I feel much better now. Thank you for allowing me to vent. I'd love to hear if anyone else has run into this sort of problem or something similar.