Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!haven!adm!news
From: ssds!tims@uunet.uu.net (Tim Sesow (SSDS Rocky Mntn))
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <24590@adm.BRL.MIL>
Date: 25 Sep 90 07:14:06 GMT
Sender: news@adm.BRL.MIL
Lines: 24

Curtis Yarvin <cgy@cs.brown.edu> writes:
>You should be able to prevent this.  SunOS (and thus likely BSD as well,
>though I don't know) make the first login prompt "<hostname> login:", and
>switch to plain "login:" if an incorrect password is entered.  This disables
>login trojans by making them unconcealable.  Alternatively, on at least some
>SysV machines, you can change the first prompt from the soft underbelly of
>"login:" by mucking with /etc/gettydefs (I think /etc/gettytab on BSD is the
>same).

IMHO, I don't believe there is any way on a terminal (as opposed
to TELNET) to have the UNIX O/S deter a dedicated trojan horse 
writer.   You can increase the levels of interaction for the trojan
horse program to simulate, but writing 
a trojan horse to capture passwords for any given system is 
relatively easy.  A hardware scheme to shut down the terminal 
session might work IF (1) every user turns off the terminal and
(2) the SIGHUP cannot be caught.

One way out:  stick to TELNET sessions and ALWAYS disconnect and reconnect
before logging on.

Tim Sesow
SSDS Inc. Rocky Mountain Region 
Littleton, CO