Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!unmvax!uokmax!slfields
From: slfields@uokmax.ecn.uoknor.edu (Scott L Fields)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Keywords: security
Message-ID: <1990Sep24.151824.30714@uokmax.ecn.uoknor.edu>
Date: 24 Sep 90 15:18:24 GMT
References: <50845@brunix.UUCP> <12165@chaph.usc.edu>
Organization: Engineering Computer Network, University of Oklahoma, Norman, OK
Lines: 22

In article <12165@chaph.usc.edu> jeenglis@alcor.usc.edu (Joe English Muffin) writes:
>>though I don't know) make the first login prompt " login:", and
>>switch to plain "login:" if an incorrect password is entered. This disables
>>login trojans by making them unconcealable.
>
>Yeah, but by the time you realize that
>login isn't displaying the right prompt,
>it's too late to do anything. The password-
>snarfer could also exec /bin/login instead of
>exiting, which would make everything look
>right (it's getty that displays the hostname,
>etc., not login.)
>
>Of course, getting into the habit of always
>typing a bogus username & password when
>you first sit down at a terminal will defeat
>most simple-minded login trojans, if you
>want to be paranoid about it.

The point in the previous case is to immediately change your password if you
spot the trojan after logging in. A better idea might be to hit break before
logging in. Always the possibility of landing in the trojan's account.
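The thread above discusses spotting a login trojan from the user's side of the terminal. An administrator can also look for one from the other side: on an idle terminal line the only process that should own the tty is getty (or login once someone has started to log in), so a line with no active session whose owning process is anything else deserves a look. The following is an added example, not code from the thread or from any Unix distribution; it joins constructed `who` and `ps` output in a simplified column layout (an assumption; real systems differ, so the two parsers are the part to adapt) and flags the odd lines.

```python
"""Flag terminal lines whose owning process is not the expected getty/login.

Added example for the login-trojan discussion; the sample `who` and `ps` text
below is constructed, and the column layouts are assumptions to adapt.
"""

# Processes that legitimately own a terminal line nobody is logged in on.
EXPECTED_IDLE = {"getty", "login"}

# Constructed sample of `who` output: user, tty, login time.
WHO_SAMPLE = """\
alice    tty01   Sep 24 14:02
bob      tty03   Sep 24 15:10
"""

# Constructed, simplified `ps` output: uid, pid, tty, command.
# tty04 has no session in WHO_SAMPLE yet is owned by a user program.
PS_SAMPLE = """\
root     101  tty01  -sh
root     102  tty02  getty
bob      103  tty03  -csh
bob      104  tty04  ./spoof
root     105  tty05  login
"""


def parse_who(text):
    """Map tty -> user for every active session in `who`-style output."""
    sessions = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            sessions[parts[1]] = parts[0]
    return sessions


def parse_ps(text):
    """Yield (uid, pid, tty, command) tuples from the simplified `ps` layout."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4:
            yield parts[0], int(parts[1]), parts[2], parts[3]


def suspicious_ttys(who_text, ps_text):
    """Return {tty: (uid, pid, command)} for lines with no active session
    whose owning process is not one of EXPECTED_IDLE."""
    sessions = parse_who(who_text)
    flagged = {}
    for uid, pid, tty, cmd in parse_ps(ps_text):
        # Compare on the bare program name so "/etc/getty" and "getty" match.
        base = cmd.split()[0].rsplit("/", 1)[-1]
        if tty not in sessions and base not in EXPECTED_IDLE:
            flagged[tty] = (uid, pid, cmd)
    return flagged


if __name__ == "__main__":
    for tty, (uid, pid, cmd) in sorted(suspicious_ttys(WHO_SAMPLE, PS_SAMPLE).items()):
        print(f"{tty}: pid {pid} ({uid}) running {cmd!r} with no session")
```

This check only sees the window while the bogus prompt is being displayed: once a snarfer has captured a password and exec'd /bin/login, as the quoted reply points out, the line looks exactly like a legitimate one again. Running the check periodically (or from a cron job that logs the hits) gives a record of which lines were squatted on and by whom, which is what you need when deciding whose passwords to change.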