Path: utzoo!utgpu!attcan!uunet!husc6!rutgers!topaz.rutgers.edu!ron
From: ron@topaz.rutgers.edu (Ron Natalie)
Newsgroups: comp.unix.questions
Subject: Re: RE: wiretapping techniques
Message-ID: <Jul.27.10.29.40.1988.7221@topaz.rutgers.edu>
Date: 27 Jul 88 14:29:42 GMT
References: <16640@brl-adm.ARPA>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 12

All the good security bugs out there today involve poorly designed
network code.  I worked on an Army "Tiger Team" project.  I nearly
never broke in through the main login system.  It nearly always
involved either some network back door, or compromising some non-priv
user to exploit system bugs to become priveledged (for example, the
proliferation of "field service" accounts that have trivial passwords).

Besides, as far as most people concerned, wire tapping the data on the
wire is as concerning as people actually being able to log in without
authorization.

-Ron