Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!nuchat!sugar!ficc!peter
From: peter@ficc.ferranti.com (Peter da Silva)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Keywords: security
Message-ID: <0A06VK3@xds13.ferranti.com>
Date: 26 Sep 90 17:21:34 GMT
References: <8354@helios.TAMU.EDU> <11133@galbp.LBP.HARRIS.COM> <50845@brunix.UUCP>
Reply-To: peter@ficc.ferranti.com (Peter da Silva)
Organization: Xenix Support, FICC
Lines: 14

In article <50845@brunix.UUCP> cgy@cs.brown.edu (Curtis Yarvin) writes:
> You should be able to prevent this. SunOS (and thus likely BSD as well,

And most UNIX systems, these days...

> make the first login prompt [special] and switch to plain "login:" if an
> incorrect password is entered.

Yes, so you have to be smarter about your response. One that I saw a decade
or so ago had a whole array of plausible error messages...

Trojan horse login programs still live. A rather clumsy way of working, I
think. There are lots more interesting places to put trojans, especially if
there's a public bin directory out there...
--
Peter da Silva.   `-_-'
+1 713 274 5180.   'U`
peter@ferranti.com