1998-03-06 - Re: Login Tripwire Protocols

Header Data

From: David Honig <honig@otc.net>
To: andrew fabbro <jkwilli2@unity.ncsu.edu>
Message Hash: 858caf510a2a0257f3107d36810b960b17cae348d97cd050a53d55a39347fcf9
Message ID: <3.0.5.32.19980306093852.007b3200@otc.net>
Reply To: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
UTC Datetime: 1998-03-06 17:48:28 UTC
Raw Date: Fri, 6 Mar 1998 09:48:28 -0800 (PST)

Raw message

From: David Honig <honig@otc.net>
Date: Fri, 6 Mar 1998 09:48:28 -0800 (PST)
To: andrew fabbro <jkwilli2@unity.ncsu.edu>
Subject: Re: Login Tripwire Protocols
In-Reply-To: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
Message-ID: <3.0.5.32.19980306093852.007b3200@otc.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:38 PM 3/5/98 -0500, andrew fabbro wrote:
>Can you build a reliable login tripwire on a machine where you don't
>have root access and root is likely a malicious character?  The answer
>is...maybe!  It requires a fairly sophisticated protocol and a lot of
>work...here are three of my ideas that didn't pan out, one that probably
>would, and a lot of caveats.  I'd appreciate comments, criticism,
>etc. from other 'punks.

Look up Ross Anderson et al's paper, Programming Satan's Computer, in
which a similarly omnipotent and malicious programming environment is 
discussed.


------------------------------------------------------------
      David Honig                   Orbit Technology
     honig@otc.net                  Intaanetto Jigyoubu

"But if we have to use force, 
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm







	
















Thread