I never worry about being hacked! I always use upper case asterisks for my password!<G>
John -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Leafe Sent: Friday, August 18, 2006 11:45 AM To: ProFox Email List Subject: Re: [NF] Security and how to deal with who should do what On Aug 18, 2006, at 12:24 PM, Paul Hill wrote: >> Sure, but the fault for this was largely the use of weak >> passwords. >> It used advanced (for the time) dictionary attacks to guess the >> password it needed; any machines that survived the password guessing >> was not infected. > > IIRC it used buffer vulnerabilities in the BSD tools too. It used buffer overruns in some programs that were common on BSD, such as finger, sendmail and rsh. However, in order for the holes in those programs to be exploited, it first had to get in via a hacked password. The code in the overflow would use the account and password it got from the login to do its dirty work. And no, I don't remember things with this level of detail. As I get older, Google is a better friend every day! -- Ed Leafe -- http://leafe.com -- http://dabodev.com [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
