From owner-freebsd-security Tue Feb 28 12:13:53 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id MAA01576 for security-outgoing; Tue, 28 Feb 1995 12:13:53 -0800 Received: from reinfra.regent.e-technik.tu-muenchen.de (root@reinfra.regent.e-technik.tu-muenchen.de [129.187.230.226]) by freefall.cdrom.com (8.6.9/8.6.6) with SMTP id MAA01219; Tue, 28 Feb 1995 12:04:39 -0800 Received: from vector.eikon.e-technik.tu-muenchen.de ([129.187.142.36]) by reinfra.regent.e-technik.tu-muenchen.de with SMTP id <367>; Tue, 28 Feb 1995 14:56:06 +0100 Received: (from jhs@localhost) by vector.eikon.e-technik.tu-muenchen.de (8.6.9/8.6.9) id WAA05626; Mon, 27 Feb 1995 22:00:31 +0100 Date: Mon, 27 Feb 1995 22:00:31 +0100 From: Julian Howard Stacey Message-Id: <199502272100.WAA05626@vector.eikon.e-technik.tu-muenchen.de> To: hackers@freefall.cdrom.com, jkh@freefall.cdrom.com Subject: Re: key exchange for rlogin/telnet services? Cc: security@freefall.cdrom.com Sender: security-owner@FreeBSD.org Precedence: bulk Jordan wrote: > you have no way of knowing > whether or not that password you just typed to log in to freefall was just > sniffed by the entire ..... .... > Should I be locked up by the NSA for even suggesting this? Nope, Welcome to the select group of the terminally paranoid :-) I've been paranoid long before I arrived on the Internet:- (yes, I know, long after you arrived :-) I've Always used one password for my `home' trusted boxes, and one or more other passwords for all the other hosts. I never (well, nearly never ;-) type my real home password through any telnet or shell or rlogin or even microprocessor coms box (inc. PC running kermit as a vt100 emulator) toward my `home' boxes, Instead I always ftp out from my home boxes toward the less secure boxes. Of course this strategy doesn't help your problem, except to know there are others out here equally paranoid (but you knew that anyway ;-) Back in '78 we were joking just how how easy it would be to grab root access, 2 M6800 assembler coding hours later ... we had. Back in '95 (yeah now ;-) Newsweek edition of Feb 27th, Page 37 tells how Tsutomu Shimomura `led the Feds to' [cracker Kevin] Mitnick's door. (In fact much of the Newsweek issue is taken up with Internet this week). Welcome to paranoid reality :-) PS Here's an interesting security doc to browse: ftp.informatik.tu-muenchen.de:/pub/comp/networking/security-doc " This is the complete text for SRI Information and Telecommunications Sciences and Technology Division Technical Report ITSTD-721-FR-90-21. " I view it with groff & ghostview, I've hacked up a much enhanced Makefile (PD) to make viewing easier. --- Julian Stacey