Path: utzoo!attcan!uunet!zephyr.ens.tek.com!uw-beaver!mit-eddie!snorkelwacker!usc!zaphod.mps.ohio-state.edu!swrinde!emory!mephisto!udel!princeton!phoenix!subbarao
From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Newsgroups: comp.unix.internals
Subject: Re: Hacking the hackers
Keywords: security, trojan horse.
Message-ID: <2808@idunno.Princeton.EDU>
Date: 26 Sep 90 12:58:28 GMT
References: <50845@brunix.UUCP> <12165@chaph.usc.edu> <21456@fs2.NISC.SRI.COM>
Sender: news@idunno.Princeton.EDU
Lines: 29

In article <21456@fs2.NISC.SRI.COM> bjork@NISC.SRI.COM (Steve Bjork) writes:
>
>In the cshell world, type the control z. If you suspend the hacker's
>program, you of course know it's a trojan. Make sure you know whose
>account it is (whoami). 
>
And you don't think that the "hacker" in question is smart enough to 
exec his program?

>In general, start every login sequence with your system's "abort program"
>command. This might catch something fishy someday.
>Argh, how I'd hate to have to be so paranoid in my life.
>This is equivalent to "shoot first, ask questions later."

Well - not exactly "shoot" first, but sort of like -- "let me call you 
back to make sure you are REALLY who you are"...but anyway, I agree that it
would be really sad if a person would have to do such a thing all the time.

>Sigh.

Likewise.
			-Kartik



(I need a new .signature -- any suggestions?)
subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet
kartik@silvertone.Princeton.EDU (NeXT mail)       -|	
subbarao@PUCC.BITNET			          - Bitnet