Finding Passwords
John Boteler
bote at csense.uucp
Thu Sep 27 07:54:30 AEST 1990
cgy at cs.brown.edu (Curtis Yarvin) claimed:
>In article <LUSH.90Sep21083625 at athena0.EE.MsState.Edu> lush at EE.MsState.Edu (Edward Luke) writes:
>>This proceduer would snarf up the passwd, tell the user "Sorry wrong
>>password", and then exit back to the real login procedure.
>
>You should be able to prevent this. SunOS (and thus likely BSD as well,
>though I don't know) make the first login prompt "<hostname> login:", and
>switch to plain "login:" if an incorrect password is entered. This disables
>login trojans by making them unconcealable.
Yes, you're right.
No programmer in the world could possibly defeat this.
Especially without superuser access.
--
John Boteler bote at csense.uucp {uunet | ka3ovk}!media!csense!bote
SkinnyDipper's Hotline: 703-241-BARE | VOICE only, Touch-Tone(TM) signalling
More information about the Comp.unix.internals
mailing list