Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!lll-tis!ames!hao!husc6!bu-cs!madd
From: madd@bu-cs.BU.EDU (Jim Frost)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <20185@bu-cs.BU.EDU>
Date: 26 Feb 88 00:22:38 GMT
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM> <1368@homxc.UUCP> <739@ddsw1.UUCP> <1118@uop.edu> <2584@crash.cts.com>
Reply-To: madd@bu-it.bu.edu (Jim Frost)
Followup-To: sci.crypt
Distribution: na
Organization: Boston University Distributed Systems Group
Lines: 22

In article <2584@crash.cts.com> jkimble@crash.CTS.COM (Jim Kimble) writes:
>In article <1118@uop.edu> todd@uop.edu (Dr. Nethack) writes:
>>In another place I worked the new semester was the best time, as all
>>the new accounts had the password of "nopassword".
>>
>>So if you played around, you could find some accounts by the lazy people
>>who did not bother to drop by the lab for the first two weeks.
>
>All this would really do is give you an additional UNIX account for a week
>or two.  I doubt the students have any more access then anyone else.

Under UNIX, it's pitifully easy to build yourself trap-doors into an
account if you have access for more than a few seconds, and not
difficult to hide the fact that you have access, either.

What difference would it make?  Extra storage.  Fall-guy when you want
to try nasty stuff and not get caught.  If you're in the same class as
they, you would have access to their work.

For many students, these are reasons enough.

jim frost
madd@bu-it.bu.edu