Subject: Re: automatic login
To: Chuck Yerkes <chuck+nbsd@snew.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/03/2002 18:08:54
In message <20020703145057.B16108@snew.com>, Chuck Yerkes writes:
>I'd disagree with that. telnet became moot when RTM published
>his papers in 85 about sniffing passwords. rsh/rlogin were
>hacks that filled the gap.
?? rsh/rlogin came with 4.2bsd from Berkeley. rtm wrote a tech report
in 1985 on using sequence number attacks against rsh. Password
-sniffing was obviously possible (I have vague recollections of the
original Ethernet paper in CACM mentioning the need for encryption),
but the first widespread instances of it were in 1993.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)