Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!brunix!gjb
From: gjb@cs.brown.edu (Gregory Brail)
Newsgroups: comp.protocols.appletalk
Subject: Re: Cayman's 'Watch' is security threat.
Message-ID: <75725@brunix.UUCP>
Date: 14 May 91 20:59:39 GMT
References: <23491.9105141352@crete.dcs.glasgow.ac.uk>
Sender: news@brunix.UUCP
Reply-To: gjb@cs.brown.edu (Gregory Brail)
Organization: Brown University Department of Computer Science
Lines: 25

In article <23491.9105141352@crete.dcs.glasgow.ac.uk> inei@cs.glasgow.ac.uk (Nick Nei) writes:
>
>What I dread has finally happened - our students have discovered
>Cayman's Watch program and with glee watched user's login passwords
>fly by on their screens while running Watch.

It sounds to me that the security threat is in your file server (or
whatever) software that transmits clear-text passwords over the net
rather than encrypted ones. AppleShare encrypts passwords before
transmitting them, so using it should be more secure than using other
file server software. As for passwords typed when logging into to
other computers (like UNIX boxes), I don't know. Either that or wait
until someone solves this problem at the OS level (like with Kerberos
or something.)

Good operating systems do things in such ways that people who listen
to the network can't find out passwords and other confidential
information. Watch isn't the only program that lets people see what
goes over the network. It's just easier to use and easier to get.

				-greg
+----------------------------------------------------+
Greg Brail
Internet: gjb@cs.brown.edu  BITNET: gjb@browncs.bitnet
UUCP:	..uunet!brunix!gjb  Home:   (401)273-1172