[comp.binaries.ibm.pc.d] security hole in Procomm

shaunc@gold.gvg.tek.com (Shaun Case) (04/17/91)

re: procomm security problem

If you are THAT worried about security, you should power the machine
all the way down and up again.  If you don't, someone could wander
in with a very small program that takes a snapshot of all 640k and
writes it to disk.  You could then use LIST to look through it for
passwords that were saved in the scrollback buffer, or you
could use CHK4BOMB or some other utility to just scan the file for 
text.  

If you don't believe me, try the following C program:

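#include <stdio.h>
#include <dos.h>    /* MK_FP() */

int main(void)
{
    FILE *secrets;
    unsigned long i;

    secrets=fopen("secrets.dat", "wb");

    /* Walk linear addresses 0 .. 640K-1.  A long cast straight to a far
       pointer is taken as segment:offset, not as a linear address, so
       build the pointer explicitly: segment = i / 16, offset = i % 16. */
    for (i=0; i<655360L; i++)
        fputc( *(char far *)MK_FP((unsigned)(i >> 4), (unsigned)(i & 15)), secrets);

    fclose(secrets);
    return 0;
}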

Compiles to about 6k under Borland C++ 2.0, which is pretty
much guaranteed to be smaller than Procomm.

However, all the security measures in the world won't do
any good when people put their passwords for each system
in their dialing directories, as I have seen several times.
Don't you wish everyone was trustworthy?  

// Shaun //

PS, please, no flames about my C code.  If you want to have
the best chance at capturing valuable data, you want your
program to be as small as possible, without all that nasty
error checking.  Right?  Right.
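
The mitigation side of the point above, as an added example that is not part of the original post or of Procomm: a terminal program that overwrites its scrollback buffer before exiting leaves nothing for a later text scan of memory to find. The buffer size, function names and sample session text are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCROLLBACK_SIZE 4096            /* constructed size */

static char scrollback[SCROLLBACK_SIZE]; /* stands in for the terminal's buffer */
static size_t sb_head;

/* Append received text to the ring buffer, as a terminal program would. */
void sb_append(const char *text)
{
    while (*text) {
        scrollback[sb_head] = *text++;
        sb_head = (sb_head + 1) % SCROLLBACK_SIZE;
    }
}

/* Overwrite through a volatile pointer so the compiler cannot drop the
   stores as dead writes just because the buffer is not read again. */
void sb_wipe(void)
{
    volatile char *p = scrollback;
    size_t n;
    for (n = 0; n < SCROLLBACK_SIZE; n++)
        p[n] = 0;
    sb_head = 0;
}

/* The same kind of check a text scan of a memory image performs:
   returns 1 if needle occurs anywhere in mem[0..len). */
int region_contains(const char *mem, size_t len, const char *needle)
{
    size_t nlen = strlen(needle), i;
    if (nlen == 0 || nlen > len)
        return 0;
    for (i = 0; i + nlen <= len; i++)
        if (memcmp(mem + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Run one constructed session; report whether the password is still in memory. */
int residue_after_session(int wipe_on_exit)
{
    sb_wipe();                           /* start from a clean buffer */
    sb_append("login: user\r\nPassword: constructed-pw-123\r\n");
    if (wipe_on_exit)
        sb_wipe();
    return region_contains(scrollback, SCROLLBACK_SIZE, "constructed-pw-123");
}

int main(void)
{
    printf("no wipe: %d, wipe on exit: %d\n",
           residue_after_session(0), residue_after_session(1));
    return 0;
}
```

Wiping on exit only covers a clean exit; a crash or reset while the program is running still leaves the buffer in RAM, which is why the post recommends a full power cycle.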

nyet@nntp-server.caltech.edu (n liu) (04/18/91)

Actually, i was confident that i could dismiss that kind advice
from the army fairly safely, since the tone of the note reminded
me of other "security" briefs i've seen from the military. The kind
i'm referring to are the kind that advise you not to get too familiar
with foreigners from communist countries if they ask you "overly
prying" questions and generally act like KGB agents (trench coats,
AM PM "bear is line?" accents and furry hats).

Gee, i'm glad the vendor couldn't take out the annoying feature
which allowed "you (read: lowly civilians) to do your [irrelevant]
jobs." What the hell? 

The tone of the message irked me so much, I had to read it a couple 
more times for the irritation to fade into amusement.

choke.

nye