Date: Thu, 30 Nov 1995 16:25:16 +0100 From: "Julian H. Stacey" <jhs@vector.eikon.e-technik.tu-muenchen.de> To: Robert Du Gaue <rdugaue@calweb.com> Cc: security@FreeBSD.ORG, tb@emi.net Subject: Re: ****HELP***** Message-ID: <199511301525.QAA02524@vector.eikon.e-technik.tu-muenchen.de> In-Reply-To: Your message of "Thu, 30 Nov 1995 00:00:50 PST." <8119.817718450@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Responding to: > From: Robert Du Gaue <rdugaue@calweb.com> > Cc: security@FreeBSD.ORG > To: "Jordan K. Hubbard" <jkh@time.cdrom.com> > Subject: Re: ****HELP***** > Cc: security@FreeBSD.ORG With reference to the > One thing very strange was my user said this guy appeared to be > controling him in IRC. He (the perp) was moving the user around from room > to room (joining him into gay channels and stuff) and then typing in > lines for him also. All with the user watching without able to control > what he was doing to him.> Ref. the IRC bit ... Sounds like one of the attack methods may be getting hold of your X Display too ? A friend Tom Bagley <tb@emi.net> did a demo for me years ago, to show me my X session was unsafe (innocent demo I might add, nothing nasty). Anyway, ask Tom how to sew that particular hole up (I can't remember) that'll still leave all the other holes of to block of course. I'm no security wizz unfortunately, But for background reading, you might want to check out URLs on my http://www.freebsd.org/~jhs/computing.html (Security section) In particular perhaps this might help ? Security Alert Report Authorities CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 <cert@cert.org> Julian --- Julian H. Stacey jhs@freebsd.org http://www.freebsd.org/~jhs/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511301525.QAA02524>