This looks like fun... Cheers, Bob Hettinga
Date: Mon, 16 Oct 1995 23:07:58 -0700 From: crawford@scruznet.com (Michael D. Crawford) To: semper.fi@abs.apple.com, dev@be.com Subject: Re: BeBox development questions and answers Message-ID: <199510170607.XAA06319@scruz.net>
Jonah Benton asked Melissa Rogers about security:
are there ways of excluding certain users from certain parts of the file system? No
i believe you support telnet- can multiple users telnet in at once?
Yes
The answers to these two questions suggests the existence of the following serious security problem, which can cause breaches on any other machine on the network. This is a time-honored way for hackers to bust into machines on the Internet.
do{ telnet to an Internet host that does not have adequate security
Patch the telnet client on the Be box to save keystrokes into a file
Log out
Wait a couple weeks
Telnet back in, retrieve the file.
Now you have the host names, account names, and passwords for several other machines }while ( Internet != destroyed );
Would someone from Be care to clarify?
This isn't exactly on-topic for this list, but it is a serious problem. It's been going on for years on other OS's.
Mike
Michael D. Crawford | I use anonymous digital cash from DigiCash. crawford@scruznet.com | Join the e-Cash trial at: http://www.scruz.net/~crawford/ | http://www.digicash.com
----------------- Robert Hettinga (rah@shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell
Phree Phil: Email: zldf@clark.net http://www.netresponse.com/zldf <<<<<