[plug] Trade [flame alert]

Anthony J. Breeds-Taurima tony at cantech.net.au
Tue Feb 29 12:58:56 WST 2000


On Tue, 29 Feb 2000, Christian wrote:

> Even if you pretend to be someone else, what admin is going to install
> an arbitrary program received by email from a stranger?  The attack
> won't work.

I've tried to stay out of this BUT .... What you should have said is "The
attack won't work with a Sys Admin that's doing his/her job properly".

Jeremy never said he'd forge the email to be from a stranger .... he could
send you an email from Oliver for instance.

I know, from experience, that people try it.  If Jeremy is going to be
exhaustive in his efforts to break into your machine then, by definition, he
should try all possible routes of system breach ... and this one is valid.

albeit stupid.
 
> No admin in his right mind would use the same password.  This attack is
> useless in the current context.

being exhaustive again .... and people do .... I know someone that uses the
same password for root on all their boxes, user accounts (on their own boxes),
web based email (hotmail) and accounts on machines that they have NO control
over.

I'm CERTAINLY not advocating this behaviour BUT Jeremy is merely checking
possibilities.  He never said this was his only form of "hack".

Right, that's just my point of view.  Both of you are making valid points, you're
just taking it on from different levels.  That's exactly WHY Jeremy wanted
someone else to have a go at his box .... the way EVERYONE thinks is different
and those differences will have different results.

Yours Tony.



