[plug] Trade [flame alert]
Jeremy Malcolm
Jeremy at Malcolm.wattle.id.au
Tue Feb 29 11:02:18 WST 2000
-----BEGIN PGP SIGNED MESSAGE-----
> > I have. But I know my own passwords. The first thing I would do
if I
> > was trying to hack into someone else's system would be to guess or
> > sniff their passwords.
>
> Would it? To sniff the passwords you would need to a) compromise a
> machine on the same physical network or b) compromise a router
somewhere
> between where someone logs into your systems remotely using a
plaintext
> password exchange (e.g., telnet). ... Incidentally this confirms my
> earlier suspicion that there would be little value in your
reciprocal
> penetration attempt.
Well, it has worked for me before (strictly on a consensual level!).
Admittedly, in that case the sucker used Windoze on his personal
machine and I was able to fool him into installing BO on it. I logged
his keystrokes, and voila, all his passwords are mine. :-)
I'm not implying that anyone on this list would be so stupid, but
there are other ways of fooling people into giving you their passwords
(a good one is to set up a Webring and invite them to add their Web
site to it... as the ring administrator you get to see their
password). There is only a 10% chance that anyone will be stupid
enough, but it is still worth the attempt.
> What sort of link is the machine on? What networks are immediately
> upstream of it? What are its uptime stats like? How powerful is
the
> machine?
I could tell you, but then I would have to kill you. :-)
- --
JEREMY MALCOLM Jeremy at Malcolm.wattle.id.au http://malcolm.wattle.id.au
SIG of the day: [ ] Contact [ ] Web [ ] PGP [ ] Taglines #1 [x] #2
"I'm a lawyer." "Honest?" "No, the usual kind." | Linux, the choice of
a GNU generation. | Are you the brain specialist? | "Could anyone pass
the sodium chloride, please?" - Adric (5W) | The Nanites have lawyers?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i
iQB1AwUBOLrGNb/mBljD2JABAQHDQwMAo5eIGTLz+QN0EnDIyGDsG22StufiqSzZ
15pwJmoHMipH6QXUIyizdzZ4vEcVR0xW+bjfXYmFYkFfXipadsau/BWRf+KKGm9T
To4Ly7zrJ3oIn2TaAiE/FdV3Bz860hQK
=PTSV
-----END PGP SIGNATURE-----
More information about the plug
mailing list