JOSH%YKTVMH.BITNET@WISCVM.ARPA (Josh Knight) (11/12/85)
> From: gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>)
>
> > > How can one be sure that there isn't some
> > > magic code that allows one to listen in on one's neighbor - as is
> > > well known, early releases of UNIX had just such a boobytrap carefully
> > > hidden in the root password checking.
> >
> > Oh? This sounds interesting, what was the nature of this
> > booby-trap? What was its intended use? Anyone know?
>
> Well known, eh? Must have been in UNIX/WORLD :-)
>
> Maybe this is a reference to the bug that would allow one to log
> in (as root) if precisely 100 '0's were typed for the password.
>

Or maybe it is a reference to Ken Thompson's "Trojan horse", for which see CACM Vol. 27, No. 8 (August 1984) pp. 761-763.

Of course, any opinions, expressed or implied are mine and not my employers...

Josh Knight
IBM T.J. Watson Research Center
josh@yktvmh.BITNET, josh.yktvmh.ibm-sj@csnet-relay.ARPA
gwyn@BRL.ARPA (VLD/VMB) (11/13/85)
I don't think any "release of UNIX" had a Trojan horse. They have had some pretty yucky security bugs, though.
bzs%buit4%bostonu.csnet@CSNET-RELAY.ARPA (Barry Shein) (11/13/85)
What was the paper describing channel punning on IBM/370 systems? Oh, that's right, IBM doesn't pay their people to publish their security bugs....

-Barry Shein, Boston University
jbn@wdl1.UUCP (11/15/85)
The term ``Trojan Horse'' is used by the computer security community to indicate a device or program deliberately placed inside a security perimeter which, acting in concert with an attacker outside the security perimeter, allows a specific type of attack to be successful where it would otherwise fail. Note the use of the word ``deliberately''. Gaps in security occurring through error or omission are not considered Trojan Horses. The term ``Trojan Horse'' is generally considered to come from Homer's description of the siege of Troy in the Iliad, of course.

John Nagle