Message-ID: <20030302205029.GC618@zaurus.ucw.cz>
From: pavel at suse.cz (Pavel Machek)
Subject: Re: Terminal Emulator Security Issues

Hi!

> TERMINAL EMULATOR SECURITY ISSUES
> Copyright  2003 Digital Defense Incorporated

I played a related joke on my friends,
telling them to 

telnet host 1234

and login with

secret
#r_f#_m -r _g_/

(of course it set the terminal to black/black
and disconnected after printing "Password:".)

Not permitting black-on-black-type
color combinations should help this.

Also terminals have various answerback
sentences. On localhost it is easy to
exploit any such thing.

(Create README file and xtermls executable
in some directory. Make README ask
xterm for answerback and hope user
will do ls after cat-ing README. Ouch.)
				Pavel 

-- 
				Pavel
Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need...
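
Added example, not part of the original message: a defender-side check for the two tricks described above, run over untrusted text (a README, a server banner) before it reaches the terminal. It flags SGR colour settings where foreground equals background and ENQ answerback requests, and goes slightly beyond the message by also flagging CSI report requests, whose replies likewise arrive as typed input. The names `scan`, `sanitize` and `SAMPLE` are hypothetical, the sample bytes are constructed, and only the eight basic ANSI colours are tracked.

```python
import re

ENQ = 0x05  # ENQ: asks the terminal to transmit its answerback string
CSI = re.compile(rb"\x1b\[([0-9;]*)([@-~])")  # ESC [ params final-byte

def scan(data: bytes):
    """Return sorted (offset, finding) pairs for risky terminal controls."""
    findings = [(i, "ENQ answerback request")
                for i, b in enumerate(data) if b == ENQ]
    fg = bg = None  # None means the terminal's default colour
    for m in CSI.finditer(data):
        params, final = m.group(1), m.group(2)
        if final in (b"c", b"n"):
            # DA / DSR: the terminal's reply arrives as if the user typed it
            findings.append((m.start(), "CSI report request"))
        if final != b"m":
            continue
        for p in (int(x) if x else 0 for x in params.split(b";")):
            if p in (38, 48):
                break  # extended colours take sub-parameters; not tracked
            if p == 0:
                fg = bg = None
            elif 30 <= p <= 37:
                fg = p - 30
            elif 40 <= p <= 47:
                bg = p - 40
            elif p == 39:
                fg = None
            elif p == 49:
                bg = None
        if fg is not None and fg == bg:
            findings.append(
                (m.start(), f"foreground equals background (colour {fg})"))
    return sorted(findings)

def sanitize(data: bytes) -> bytes:
    """Render control bytes as visible \\xNN text, keeping tab and newline."""
    out = bytearray()
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)

# Constructed sample: ENQ inside a README-like line, then black-on-black SGR.
SAMPLE = b"Read me first.\x05\nPassword: \x1b[30;40m"

if __name__ == "__main__":
    print(scan(SAMPLE), sanitize(SAMPLE).decode(), sep="\n")
```

Viewing an untrusted file through `sanitize` (or `cat -v`) shows the control bytes as text instead of letting the terminal act on them.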

