For mgetty users with non-trusted shell logins

l41484@alfa.ist.utl.pt (l41484@alfa.ist.utl.pt)
Wed, 27 Jan 1999 23:30:06 +0100


On Wed, 27 Jan 1999, Gert Doering wrote:

> On Wed, Jan 27, 1999 at 05:53:14PM +0100, l41484@alfa.ist.utl.pt wrote:
> > I've never disbelieved Marc. I was just suggesting some defenses to what
> > I thought the vulnerability was. It's just, I was misunderstanding the
> > problem, and suggesting a defense which you had suggested a long time ago and
> > that I've never read. :-) 
> 
> Actually, I think the whole thing started on the mgetty list two years
> ago.  Then it turned into a discussion between Marc and me, and since
> I didn't have any idea how to solve this, Marc did his "rlogin" trick,
> and fell silent.  A couple of weeks ago, it resurfaced, and Marc decided
> to actually *warn* people about it...

Ah, the old debate: security through obscurity or security through openness.
:-)

> To my knowledge, nobody had been aware of this exploit, or was even
> actively using it.  It needs some evil thinking to figure out *all*
> the nasties of this issue...

Never say never. :-) But I think we can say with same assurance that
direct dial-in access (of untrusted users) is becoming less and less
common. For example, I myself only use it when my PPP access is
unavailable.

--
Tiago Pascoal  (l41484@alfa.ist.utl.pt)               FAX : +351-1-7273394
Politically incorrect, and a (not very) prominent member of the "geração rasca".