Path: utzoo!attcan!uunet!nih-csl!lhc!adm!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <25680:Sep2805:58:2290@kramden.acf.nyu.edu>
Date: 28 Sep 90 05:58:22 GMT
References: <3346:Sep2422:01:3090@kramden.acf.nyu. <936@mwtech.UUCP> <BZS.90Sep28014217@world.std.com>
Organization: IR
Lines: 12

In article <BZS.90Sep28014217@world.std.com> bzs@world.std.com (Barry Shein) writes:
> One simple and non-intrusive defense against most such attacks would
> be if, on successful login, the system would just tell you how many
> unsuccessful login attempts there have been on your account.

That only defends against login spoofs. (I actually prefer somewhat more
information: the current login session number, recent weird activity,
and last couple of logins in a readable format like ``two hours ago.'')
It does absolutely nothing for the sort of Trojan Horse that we're
discussing.

---Dan