[4498] in cryptography@c2.net mail archive
Re: references to password sniffer incident
daemon@ATHENA.MIT.EDU (Bill Frantz)
Sun Apr 11 21:52:40 1999
In-Reply-To: <19990408232146.B16704@alphalinux.org>
Date: Fri, 9 Apr 1999 09:42:23 -0700
To: "Daniel J. Frasnelli" <dfrasnel@alphalinux.org>,
Dominick LaTrappe <seraf@2600.com>
From: Bill Frantz <frantz@netcom.com>
Cc: cryptography@c2.net
I know of three systems that have been attacked in the last month or so.
One was attacked by social engineering the password out of an user.
Another was attacked by installing NETBUS on an user's machine. The third
was attacked by having the attacker subscribe himself to the mailing list
used to distribute passwords. (Mailing list!)
With this being the state of the art in protection, why bother with
intercepts, cryptoanalysis etc?
-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA
