The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #138 [Re: Another Feature of the Worm] (1 message, 523 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/138.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: phage
Date: Mon 21:57:35 07/11/1988 EST
Subject: Re: Another Feature of the Worm
References: [Thread Prev: 122] [Thread Next: 141] [Message Prev: 136] [Message Next: 139]


   The worm exhibited one other manifestation, heretofore undiscussed:

   It logged in on the console (on a machine known to be physically secure).
   The login only lasted for moments.  The appropriate entries are in wtmp.

   It appears that it only did it with an account for which it had already
   cracked the password.

I don't believe this.  Unless the console can be gotten to over the
network this just cannot be true.   Are you sure the person in
question didn't actually log in? 

		-- Jon

END OF DOCUMENT