lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030302205029.GC618@zaurus.ucw.cz> From: pavel at suse.cz (Pavel Machek) Subject: Re: Terminal Emulator Security Issues Hi! > TERMINAL EMULATOR SECURITY ISSUES > Copyright 2003 Digital Defense Incorporated I played related joke on my friends, telling them to telnet host 1234 and login with secret #r_f#_m -r _g_/ (of coursed it set terminal to black/black and disconnected after printing "Password:".) Not permiting black-on-black-type color combinations should help this. Also terminals have various answerback sentences. On localhost it is easy to exploit any such thing. (Create README file and xtermls executable in some directory. Make README ask xterm for answerback and hope user will do ls after cat-ing README. Ouch.) Pavel -- Pavel Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need...
Powered by blists - more mailing lists