Xref: utzoo alt.sources:2370 comp.sources.d:5834
Path: utzoo!attcan!utgpu!cs.utexas.edu!yale!ox.com!lokkur!scs
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Newsgroups: alt.sources,connect.audit,comp.sources.d
Subject: Re: GENERAL WARNING
Keywords: hackers
Message-ID: <1990Sep27.235630.12945@lokkur.dexter.mi.us>
Date: 27 Sep 90 23:56:30 GMT
References: <1990Sep26.234214.338@ibmpcug.co.uk>
Distribution: alt
Organization: Inland Sea
Lines: 19


cedman@lynx.ps.uci.edu (Carl Edman) writes:
> Now, really: It is very easy to change particularily a program like
> a shell to f.e. put the name of a non-backtraceable account into the
> .rhosts file and then send mail to it to inform the hacker that
> he has just gotten a new account. Maybe even a su account ?

demon@ibmpcug.co.uk (Cliff Stanford) replies:
>	You mean that if that were included in the source to a
>large program (ELM, for instance) you'd notice it was there
>before compiling it?  I doubt I would.

I wouldn't either, but to a great degree I'm depending on the collective
benefit of the net.  Were there a trapdoor buried in elm or some other
commonly used code from the net, there's a good chance that *somebody*
will notice it fast.  And woe to the person who got caught doing it!

Of course, this is another reason I'm more likely to blindly compile
stuff from comp.sources.{misc,unix} than alt.sources.