Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!ucbvax!WSMR-SIMTEL20.ARMY.MIL!w8sdz
From: w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen)
Newsgroups: comp.binaries.ibm.pc.d
Subject: Re: Warning for ProComm Users
Message-ID: <W8SDZ.12676435255.BABYL@WSMR-SIMTEL20.ARMY.MIL>
Date: 10 Apr 91 18:18:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Lines: 27

Chris McDonald  ASQNC-TWS-R-SO <cmcdonal@wsmr-emh03.army.mil> writes
in a recent posting about security concerns with ProComm.

This security problem exists in all modem programs, including nearly
all versions of Kermit, which have the option of logging terminal
sessions.  In fact, there are very few programs that *don't* have that
feature.

This is really an access control issue.  The same security concerns
exist for text editors.  If the user is composing a text file and
leaves the computer without exiting the editor...  well, you see what
I mean.

I think the message should be reposted and entitled "Warning to modem
program users".  It should be pointed out that this problem exists on
any computer, not just MS-DOS computers.

An example:  A Unix host running Kermit to access a dial-out port.
The person initiating the call has the option in Unix Kermit to log
the entire terminal session to a file.  The log contains only incoming
text, so passwords which are not echoed will not be logged.

Keith
--
Keith Petersen
Internet: w8sdz@WSMR-SIMTEL20.Army.Mil    or     w8sdz@vela.acs.oakland.edu
Uucp: uunet!wsmr-simtel20.army.mil!w8sdz              BITNET: w8sdz@OAKLAND