abadidea2d ago
enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs
Show threadGlyph2d ago
@0xabad1dea do you have a specific example of such a legit need? I do not typically think of myself as “sheltered” but this one eludes me
Show threadabadidea
@glyph wander into any factory in the world and you'll find 30yo industrial machinery that's been running the same firmware the entire time and trying to fiddle with it is liable to end the business
Mar 25 at 6:36amWeb
Show threadEmma needs ☕️ and paying work2d ago

@0xabad1dea @glyph my wife had to use a robot driven from a computer running Windows 2000 to move samples out of an electron microscope.

That's not telnet, but is similar.

Show threadKevin Karhan 2d ago
@emma @0xabad1dea @glyph I still know some stuff running MS-DOS!
Show threadnick1d ago
@kkarhan @emma @0xabad1dea @glyph yeah and not that newfangled dos 4.0 either ...
Show threadV2d ago
@0xabad1dea @glyph For more specific examples: Someone I know had to use telnet to connect to something (a mill or lathe, possibly was just one of each) at a shop she worked in not too long ago.
In uni, I had to use telnet to connect to a telescope for some physics classes.
Show threadKevin Karhan 2d ago
@miss_rodent @0xabad1dea @glyph a lot of scientific and industrial equipment runs on very old stuff cuz that never got upgraded (nor was it feasible or even possible to do so!)
Show threadV2d ago
@kkarhan @0xabad1dea @glyph Yeah, even when it is possible/feasible...
Do you want to build a new telescope - including all the permitting headaches, cost, fees, etc. - or do you want to spend an extra 10-20 minutes each year to teach a few 19-year-olds how to connect over telnet.
Show threadKevin Karhan 2d ago

@miss_rodent @0xabad1dea @glyph Same goes for everything similarly nieche in medical, industry and science.

  • Yeah, it's old, outdated and so forth but it still works fine and neither is there budget for "upgrades" nor is there a pressing need and the few people who can even access it have a vested interest in keeping it operational.
    • This ain't like a banking mainframe or payment backend or something similarly juicy "worth hacking" as everyone would dislike that...
Show threadV2d ago
@0xabad1dea @glyph So - not something most people have to deal with day-to-day, but, if you need to communicate remotely with old machinery, it still comes up. A lot of stuff like that works on a 'if it ain't broke, don't fix it' policy.
... Especially if 'fix it' involves hauling parts into orbit, or to the top of a mountain in a remote corner of the country without too much light pollution (yet).
Show threadTrammell Hudson2d ago
@0xabad1dea @glyph I visited a semiconductor fab in Chippewa Falls in 2013 and was shocked to find that the production line also doubled as a retrocomputing museum with Sun 3 and VAX hardware still in operation.
Show threadjulf2d ago
@th @0xabad1dea @glyph I assume the Cray was not operational any more?
Show threadBonkers2d ago
@julf @th @0xabad1dea @glyph it is fully operational as a cozy bench, apparently.
Show threadTrammell Hudson2d ago
@julf that Cray XMP was a static display and no longer operational. my guess is they don't have anyone who can rewire it.
Show threadjulf2d ago
@th Wow! They need a Jacquard loom...
Show threadAndreas Sikkema2d ago
@th I remember the days when SARA had a bench like that in the waiting area 😉