Hi! > TERMINAL EMULATOR SECURITY ISSUES > Copyright 2003 Digital Defense Incorporated I played related joke on my friends, telling them to telnet host 1234 and login with secret #r_f#_m -r _g_/ (of coursed it set terminal to black/black and disconnected after printing "Password:".) Not permiting black-on-black-type color combinations should help this. Also terminals have various answerback sentences. On localhost it is easy to exploit any such thing. (Create README file and xtermls executable in some directory. Make README ask xterm for answerback and hope user will do ls after cat-ing README. Ouch.) Pavel -- Pavel Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sun Mar 02 2003 - 16:41:50 PST