BeBox Security Hole?

Robert Hettinga rah at shipwright.com
Tue Oct 17 12:46:56 PDT 1995



This looks like fun...

Cheers,
Bob Hettinga


>Date: Mon, 16 Oct 1995 23:07:58 -0700
>From: crawford at scruznet.com (Michael D. Crawford)
>To: semper.fi at abs.apple.com, dev at be.com
>Subject: Re: BeBox development questions and answers
>Message-ID: <199510170607.XAA06319 at scruz.net>
>
>Jonah Benton asked Melissa Rogers about security:
>
>>>>are there ways of excluding certain users from certain parts of the file
>>>>system?
>>>No
>>>>
>>>>i believe you support telnet- can multiple users telnet in at once?
>>>>
>>>Yes
>
>The answers to these two questions suggests the existence of the following
>serious security problem, which can cause breaches on any other machine on
>the network.  This is a time-honored way for hackers to bust into machines
>on the Internet.
>
>do{
>   telnet to an Internet host that does not have adequate security
>
>   Patch the telnet client on the Be box to save keystrokes into a file
>
>   Log out
>
>   Wait a couple weeks
>
>   Telnet back in, retrieve the file.
>
>   Now you have the host names, account names, and passwords for several other
>   machines
>}while ( Internet != destroyed );
>
>Would someone from Be care to clarify?
>
>This isn't exactly on-topic for this list, but it is a serious problem.
>It's been going on for years on other OS's.
>
>Mike
>
>Michael D. Crawford             | I use anonymous digital cash from DigiCash.
>crawford at scruznet.com           | Join the e-Cash trial at:
>http://www.scruz.net/~crawford/ | http://www.digicash.com
>

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131
USA (617) 323-7923
"Reality is not optional." --Thomas Sowell
>>>>Phree Phil: Email: zldf at clark.net  http://www.netresponse.com/zldf <<<<<








More information about the cypherpunks-legacy mailing list