new password idea
Steven Bellovin
smb at ulysses.att.com
Thu Apr 25 03:06:45 AEST 1991
In article <1991Apr24.004539.3881 at mp.cs.niu.edu>, bennett at mp.cs.niu.edu (Scott Bennett) writes:
}
} On some of our non-UNIX systems we use a security package that has
} another useful feature: after a certain number of bad passwords are
} given consecutively for a logonid, the logonid is suspended. No
} further access is allowed for that logonid until someone with authority
} to reactivate it has become involved. While this in itself offers
} an avenue for abuse
Yup -- it's a great way to lock out the system administrators when
you're ready to do some serious monkey business. Or you can lock out
anyone else you don't like. This is known as a denial-of-service
attack.
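The lockout behaviour discussed above, as an added example that is not part of the original post or of any package it mentions: a small simulation of the suspend-after-N-failures policy next to one common alternative, a per-source delay. The class names, the threshold of 3, the delay values and the sample logonid, password and source names are all assumptions made for the illustration.

```python
# Added illustration; names, threshold and delays are assumptions, not from the post.
from collections import defaultdict
MAX_BAD = 3  # assumed value for "a certain number of bad passwords"

class HardLockout:
    """Policy from the quoted text: suspend the logonid after MAX_BAD
    consecutive bad passwords until an administrator reactivates it."""
    def __init__(self, passwords):
        self.passwords = passwords
        self.bad = defaultdict(int)
        self.suspended = set()

    def login(self, user, password, source, now):
        if user in self.suspended:
            return "suspended"          # even the correct password is refused
        if self.passwords.get(user) == password:
            self.bad[user] = 0
            return "ok"
        self.bad[user] += 1
        if self.bad[user] >= MAX_BAD:
            self.suspended.add(user)
        return "denied"

class PerSourceThrottle:
    """Alternative (assumption): count failures per (logonid, source) and
    delay only that source, doubling each time; nothing is suspended."""
    def __init__(self, passwords, base_delay=2.0):
        self.passwords = passwords
        self.base_delay = base_delay
        self.bad = defaultdict(int)
        self.not_before = defaultdict(float)

    def login(self, user, password, source, now):
        key = (user, source)
        if now < self.not_before[key]:
            return "throttled"
        if self.passwords.get(user) == password:
            self.bad[key] = 0
            return "ok"
        self.bad[key] += 1
        self.not_before[key] = now + self.base_delay * 2 ** (self.bad[key] - 1)
        return "denied"

def owner_after_bad_guesses(policy, guesses=5):
    """Bad passwords for 'root' arrive from 'tty9' (constructed input);
    the real owner then logs in from 'console'. Returns the owner's result."""
    for t in range(guesses):
        policy.login("root", "wrong", "tty9", now=float(t))
    return policy.login("root", "s3cret", "console", now=float(guesses))
```

The per-source delay keeps the owner's login working in this scenario, but it slows guessing less than a hard suspend does when the bad passwords come from many sources.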