Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wasatch!cs.utexas.edu!uunet!crdgw1!crdgw1.ge.com!barnett
From: barnett@crdgw1.crd.ge.com (Bruce Barnett)
Newsgroups: comp.unix.questions
Subject: Re: .plan
Message-ID: <1966@crdgw1.crd.ge.com>
Date: 29 Aug 89 11:03:07 GMT
References: <61@towernet.UUCP> <1989Aug23.192105.21328@ee.rochester.edu> <1815@cunixc.cc.columbia.edu> <1077@virtech.UUCP> <2620@trantor.harris-atd.com>
Sender: news@crdgw1.crd.ge.com
Reply-To: barnett@crdgw1.crd.ge.com (Bruce Barnett)
Organization: GE Corp. R & D, Schenectady, NY
Lines: 17
In-reply-to: bbadger@x102c.harris-atd.com (Badger BA 64810)

In article <2620@trantor.harris-atd.com>, bbadger@x102c (Badger BA 64810) writes:
>What can be done about this problem?  Don't use these terminals if you
>can avoid it, and if security is any importance to you.  Don't
>allow anyone to write directly to your terminal (mesg n).  Use only
>trusted applications which filter out the nasty sequences.

Also, don't allow anyone in the room with such a terminal.
Most vt100's allow anyone to change the ANSWERBACK string
if they can physically access the terminal.

I also suggest that if you EVER use a vt100 that is in a public
place, and you are concerned with security, you check what happens
when a Control-E is sent to the terminal everytime you log into
your account.

--
Bruce G. Barnett	<barnett@crd.ge.com>   uunet!crdgw1!barnett