[TUHS] History of exploits - request for authors

Dave Horsfall dave at horsfall.org
Wed Dec 20 09:45:21 AEST 2017


On Tue, 19 Dec 2017, Derek Fawcus wrote:

>>      Leaving a "login" simulator on a terminal (quite common).
>
> Well if you include that one, you may want to include the simple brute 
> force testing of passwords against /etc/passwd (before shadow files 
> existed). The login name and real names (direct or reversed) would tend 
> to get at least one hit.

Too easy :-)

Re the simulator, a former boss suggested (when these things were rife) 
that the BEL character could only be outputted by "root", and if you 
didn't hear "ding", well...

I (and likely others) worked around them by deliberately typing a wrong 
password (the kiddies were rarely smart enough to loop a couple of times 
or to test it), and I was glad when I started working there and had my own 
terminal (OK, a shared one in our office).

-- 
Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer."

