Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!orion.oac.uci.edu!ucivax!ucla-cs!kona.cs.ucla.edu!steph
From: steph@kona.cs.ucla.edu (Stephen Sakamoto)
Newsgroups: comp.protocols.appletalk
Subject: Re: Cayman's 'Watch' is security threat.
Message-ID: <1991May15.032836.11986@cs.ucla.edu>
Date: 15 May 91 03:28:36 GMT
References: <9105142111.AA08420@aquarium.ecn.purdue.edu>
Sender: usenet@cs.ucla.edu (Mr. News Himself)
Organization: UCLA Computer Science Department
Lines: 34
Nntp-Posting-Host: kona.cs.ucla.edu

In article <9105142111.AA08420@aquarium.ecn.purdue.edu> moyman@ECN.PURDUE.EDU (Mike Moya) writes:
>What I would very much like to see (and VERY trivial to do by the
>developers of these programs) is that all of these programs (Watch,
>ApplePeek, etc...) that sniff the AppleTalk NBP *REGISTER* themselves on
>the NET. That way anybody else with an ounce of programming knowledge and
>can read IMXX can write a trivial watchdog program that simply looks for
>the registration of any "sniffing" programs running on the AT net... It
>would never stop somebody from writing their own (not *that* tough)
>sniffer, but much tougher to do than downloading an app. Granted it's not a
>perfect solution (and older copies would remain out there) BUT, IMHO it
>would be one more level of protection.
>
>
If you wanted to know when somone was running a program like this it would
work. If you want to know who was running it, this would offer no
protection at all. Most software that I have seen that does any kind of
registration uses the Chooser name. I consider that information pretty
useless since anyone can change it to anything. It looks like the only real
solution is to stop send any password over the network even if it's 
encrypted.  
>
>Just a thought...
>--moya
>
>--Mike Moya 
>--Macintosh Systems and Networking
>--Engineering Computer Network, Purdue University
>--moyman@ecn.purdue.edu 


-- 
Stephen Sakamoto
UCLA Computer Science Department
steph@cs.ucla.edu