Finding Passwords
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Wed Sep 26 07:04:03 AEST 1990
In article <24590 at adm.BRL.MIL> ssds!tims at uunet.uu.net (Tim Sesow (SSDS Rocky Mntn)) writes:
> One way out: stick to TELNET sessions and ALWAYS disconnect and reconnect
> before logging on.
Even this isn't good enough. Despite popular myth, there is a way to
sneak a Trojan Horse under a pseudo-tty (under BSD, at least). Please,
kids, don't bother sending me mail asking how to do this; learn to read
your own man pages.
And what do you propose to do about public terminals? Too many terminal
concentrators don't provide a trusted path. Many communications programs
are just a bit too configurable. Some universities (like MIT) have an
atmosphere of trust where nobody would take advantage of such problems;
some universities (like NYU) have an atmosphere of trust where we'll
draw and quarter any student who misbehaves and stick his head on a pike
in front of the building. But it's still an issue to think about.
Disclaimer: I've never been personally involved in sticking anyone's
head on a pike. :-)
---Dan
More information about the Comp.unix.internals
mailing list