Wietse Venema, at 10:48 -0400 on Tue, 4 Sep 2001, wrote: If an operator leaves his/her terminal unattended, then a miscreant can plant any number of trojan horses to gain future root access. However, trojans can theoretically be avoided given the right user-environment setup. They also require action to be taken by the victim, which increases the time it takes to execute the attack. The attack I describe is not a trojan, and needs no vicitim action. The importance of needing user action is important, because increasing the length of time from the start of the attack to the finish of it increases the possibility of the trojan being detected by some means. -- Frank Tobin http://www.neverending.org/~ftobin/
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 23:27:07 PDT