Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!ucsd!ucbvax!NISC.SRI.COM!bjork
From: bjork@NISC.SRI.COM (Steve Bjork)
Newsgroups: comp.unix.internals
Subject: Hacking the hackers
Keywords: security, trojan horse.
Message-ID: <21456@fs2.NISC.SRI.COM>
Date: 25 Sep 90 21:49:33 GMT
References: <LUSH.90Sep21083625@athena0.EE.MsState.Edu> <50845@brunix.UUCP> <12165@chaph.usc.edu>
Reply-To: bjork@NISC.SRI.COM (Steve Bjork)
Organization: Network Info Systems Ctr., SRI Intl., Menlo Park, CA.
Lines: 14


In the cshell world, type the control z. If you suspend the hacker's
program, you of course know it's a trojan. Make sure you know whose
account it is (whoami). 

In general, start every login sequence with your system's "abort program"
command. This might catch something fishy someday.

Argh, how I'd hate to have to be so paranoid in my life.
This is equivalent to "shoot first, ask questions later."

Sigh.

--Steven