[TUHS] History of exploits - request for authors
Dave Horsfall
dave at horsfall.org
Wed Dec 20 09:45:21 AEST 2017
On Tue, 19 Dec 2017, Derek Fawcus wrote:
>> Leaving a "login" simulator on a terminal (quite common).
>
> Well if you include that one, you may want to include the simple brute
> force testing of passwords against /etc/passwd (before shadow files
> existed). The login name and real names (direct or reversed) would tend
> to get at least one hit.
Too easy :-)

Re the simulator, a former boss suggested (when these things were rife)
that the BEL character could only be outputted by "root", and if you
didn't hear "ding", well...

I (and likely others) worked around them by deliberately typing a wrong
password (the kiddies were rarely smart enough to loop a couple of times
or to test it), and I was glad when I started working there and had my own
terminal (OK, a shared one in our office).
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."