Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!ucbcad!ucbvax!hplabs!sdcrdcf!ism780c!mikep From: mikep@ism780c.UUCP (Michael A. Petonic) Newsgroups: comp.misc Subject: Re: Trojan Horse a Myth? Message-ID: <8192@ism780c.UUCP> Date: 10 Dec 87 09:42:16 GMT References: <459@gtx.com> <405@tardis.cc.umich.edu> Reply-To: mikep@ism780c.UUCP (Michael A. Petonic) Organization: Interactive Systems Corp., Santa Monica CA Lines: 30 In article <405@tardis.cc.umich.edu> shane@pepe.cc.umich.edu (Shane Looker) writes: >I have a friend who wrote a Trojan horse login screen on a TOPS-20 system >(or was it a TOPS-10?) several years ago. A friend of his managed to collect >a large number of logins and passwords before they caught him. It's really simple to do. In fact, if you're using UNIX, it even easier to do than on a TWENEX system. I did the same thing when I was a summer hire for the at an Army post. It was on a VMS3.x system and got me SYSTEM priveledges. Also earned me a dubious reputation. On VMS, I had to kludge it, and say that the user typed in an incorrect password and then exit (silently, of course) and let the REAL login come out. This was the tattle tale of the technique. If you bombed out of the login when you KNOW you typed the password right. Oh yeah, it was all done with a command file, not in C or any other compiled language... Shows you how simple it was. I think the generic term for these devices are called "Password Snatchers". See, it's so easy to think of that there's even a generic name for it... -MikeP -------- Michael A. Petonic (213) 453-8649 x3247 INTERATIVE Systems Corporation "My opinions in no way influences 2401 Colorado Blvd. the price of tea in China." Santa Monica, CA. 90404 {sdcrdcf|attunix|microsoft|sfmin}!ism780c!mikep