Path: utzoo!attcan!uunet!munnari.oz.au!uniwa!cutmcvax!wemmp
From: wemmp@cutmcvax.OZ (Peter Wemm)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Summary: pty/real login
Keywords: dont try this
Message-ID: <162@cutmcvax.OZ>
Date: 8 Oct 90 09:47:05 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <651@puck.mrcu> <21948:Oct606:29:2890@kramden.acf.nyu.edu> <52347@brunix.UUCP> <BZS.90Oct6191703@world.std.com>
Reply-To: wemmp@cutmcvax.oz.au (Peter Wemm)
Organization: Curtin University of Technology, Maths & Comp Sc
Lines: 21


Just a thought on all this trojan/spoofing stuff... what about if the
spoffer opens a tty/pty that just transfers characters between master/slave
and the process catches all data passing through containing the lines
'login:' or 'password'.  I think it can.  That way it could run a fake
getty/REAL login or perhaps even both of the real programs!! It would
be in-detectable except that if the user typed 'tty' they would
be on ttyp? instead of the normal line.  Again, this requires physical access
to the terminal or line.

Just a thought.......

-Peter
-- 
-----------------------------------------------------------------------
ACSnet: wemmp@cutmcvax.oz
ARPA:   wemmp%cutmcvax.oz.au@uunet.uu.net
UUCP:   {uunet,hplabs,ukc}!munnari!cutmcvax.oz.au!wemmp
-----------------------------------------------------------------------
------- Who me?? That?? No, That is just terminal line noise!! --------
-----------------------------------------------------------------------