Bugtraq mailing list archives
Re: Write-only devices (Was read only devices)
From: jrvalverde () samba cnb uam es (J.R.Valverde)
Date: Thu, 27 Jun 1996 10:57:02 WET
if your logs contain passwords you should be shot....
ftp ftp.any.where.net
# user types username too fast
# FTP server flushes input and prompts Username:
# user doesn't notice and types password
# FTP server prompts for password
# user realizes mistake and presses return to try again
# FTP server notes in the logs a login error for user "pAsSwOrD"
# user logs in correctly and FTP server notes in the logs a
# successful login for "user".

The log looks like

    FTP: failed login attempt for user "pAsSwOrD"
    FTP: successful login for user "user" two seconds later

The cracker sees that and thinks "what a strange username, and odd coincidence, hey, maybe...." and there you are.

The same happens for most programs that log successful and wrong logins.

If you don't record all login attempts then you don't know if someone is trying to log-in nor if the attacker is going after a specific account. You have to start interactively monitoring one by one all your accounts (no account name on any logs, remember?)...

The lesson is: *users* do make mistakes. And there's no easy way you can both keep useful logs without them containing sensitive information. Either they do or they are useless.

No need to shoot anyone. Just avoid sending logs in plaintext over a network.

jr
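
An added example, not part of the original message: one way to keep failed-login entries useful while keeping a mistyped password out of the stored log is to record valid account names verbatim and replace any other "username" with a keyed digest. The account list, the key and the sample lines are constructed for this sketch; the log format is the one quoted in the message.

```python
import hashlib
import hmac
import re

# Constructed sample in the log format quoted in the message above.
SAMPLE_LOG = [
    'FTP: failed login attempt for user "pAsSwOrD"',
    'FTP: successful login for user "user"',
    'FTP: failed login attempt for user "root"',
    'FTP: failed login attempt for user "pAsSwOrD"',
]

# Assumptions for this example: the account list and key are placeholders.
KNOWN_ACCOUNTS = {"user", "root"}
LOG_KEY = b"constructed-demo-key-keep-off-the-log-host"

FAILED = re.compile(r'^(FTP: failed login attempt for user )"(.*)"$')


def tag(name: str, key: bytes = LOG_KEY) -> str:
    """Keyed, truncated digest: equal inputs get equal tags, but a tag
    cannot be checked against password guesses without the key."""
    return hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


def sanitize(line: str, known=KNOWN_ACCOUNTS, key: bytes = LOG_KEY) -> str:
    """Rewrite one log line before it is stored or sent over the network."""
    m = FAILED.match(line)
    if not m:
        return line  # successful logins and other lines pass through
    prefix, name = m.groups()
    if name in known:
        return line  # real account: keep it, it shows which account is targeted
    # Unknown name: may be a mistyped password, so never store it verbatim.
    return f"{prefix}<unknown:{tag(name, key)}>"


def sanitize_all(lines, known=KNOWN_ACCOUNTS, key: bytes = LOG_KEY):
    return [sanitize(line, known, key) for line in lines]


if __name__ == "__main__":
    for out in sanitize_all(SAMPLE_LOG):
        print(out)
```

Repeated attempts with the same unknown string still correlate through the tag, and attempts against real accounts stay visible. A password that happens to equal a valid account name is still logged, and anyone holding the key can test guesses against the tags.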