Full Disclosure mailing list archives
Re: Terminal Emulator Security Issues
From: Pavel Machek <pavel () suse cz>
Date: Sun, 2 Mar 2003 21:50:29 +0100
Hi!
TERMINAL EMULATOR SECURITY ISSUES Copyright 2003 Digital Defense Incorporated
I played related joke on my friends, telling them to telnet host 1234 and login with secret #r_f#_m -r _g_/ (of coursed it set terminal to black/black and disconnected after printing "Password:".) Not permiting black-on-black-type color combinations should help this. Also terminals have various answerback sentences. On localhost it is easy to exploit any such thing. (Create README file and xtermls executable in some directory. Make README ask xterm for answerback and hope user will do ls after cat-ing README. Ouch.) Pavel -- Pavel Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Terminal Emulator Security Issues Pavel Machek (Mar 02)