Finding Passwords
Barry Shein
bzs at world.std.com
Sat Oct 6 00:58:01 AEST 1990
>Hold on! Then what point is served? The "printout" would have to be
>performed by login itself. Having a suid program or some similar "external"
>program would be useless - it could just as easily be called by a spoofer.
You missed my point.
The scenario: Trojan horse or whatever that grabs your password, notes
it, reports "Login incorrect" and then cycles the real login program.
User thinks s/he just typo'd and enters it again.
If there were a program in your .login or .profile, call it logbad,
which queried the number of bad attempts and printed something like:
0 bad logins since last successful on Nov 9, 1965 20:06
you would be able to say "hmm, I just got a login incorrect WHY IS
THAT COUNT ZERO!!!"
Now, I guess the spoofer could walk over to another terminal and cause
one bad login to occur. Perhaps a "logbad -l" should be run by hand
when suspicions arise which would report the exact time and terminal
each bad login occurred (it would be easy to store such info.)
This sort of scheme does work, its only flaw is that it relies on a
user who cares to think. But there are only a few strange conditions
that people would really need to pay attention to (zero bad logins
right after a known bad, or dozens of them at any time.)
--
-Barry Shein
Software Tool & Die | {xylogics,uunet}!world!bzs | bzs at world.std.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
More information about the Comp.unix.internals
mailing list