From: Norman Wilson <norman@oclsc.org>
To: tuhs@tuhs.org
Subject: Re: [TUHS] Recovered /etc/passwd files
Date: Tue, 08 Oct 2019 14:38:43 -0400 [thread overview]
Message-ID: <1570559927.29337.for-standards-violators@oclsc.org> (raw)
Back in the heyday of uucp, some sites were lazy and allowed
uucico access to any file in the file system (that was accessible
to the uucp user). A common ploy for white hats and black hats
was to try
uucp remotesys!/etc/passwd ~/remotesys
or the like, and see what came in and whether it had any easy
hashes (shadow password files didn't quite exist yet).
The system known to the uucp world as research! was more
careful: / was mapped to /usr/spool/uucp. We left a phony
etc/passwd file there, containing plausible-looking entries
with hashes that, if cracked, spelled out
why
are
you
wasting
your
time
I don't remember whether anyone ever stole it by uucp, though
I think Bill Cheswick used it to set up the phony system
environment for Berferd to play in (Google for `cheswick berferd'
if you don't know the story).
Norman Wilson
Toronto ON
next reply other threads:[~2019-10-08 18:39 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-08 18:38 Norman Wilson [this message]
2019-10-08 18:51 ` Arthur Krewat
2019-10-08 21:02 ` Dave Horsfall
2019-10-08 21:22 ` Arthur Krewat
2019-10-09 5:49 ` Nigel Williams
2019-10-09 5:52 ` Nigel Williams
2019-10-09 6:00 ` Warner Losh
2019-10-09 8:16 ` Andy Kosela
2019-10-09 8:53 ` Ken Thompson via TUHS
2019-10-09 9:16 ` Leah Neukirchen
2019-10-09 23:04 ` Dave Horsfall
2019-10-10 6:31 ` Vincenzo Nicosia
2019-10-09 19:59 ` Rob Pike
2019-10-09 20:09 ` Kurt H Maier
2019-10-09 21:05 ` Bakul Shah
2019-10-09 21:09 ` Warner Losh
2019-10-09 21:16 ` Arthur Krewat
2019-10-09 22:05 ` Adam Thornton
2019-10-09 23:28 ` Steffen Nurpmeso
2019-10-11 12:28 ` Anthony Martin
2019-10-09 20:14 ` Arthur Krewat
2019-10-10 20:24 ` Clem Cole
2019-10-10 20:38 ` Nemo
2019-10-10 20:52 ` John P. Linderman
2019-10-11 6:24 ` Dave Horsfall
2019-10-11 11:09 ` William Pechter
2019-10-11 23:46 ` Finn O'Leary
2019-10-12 0:21 ` Arthur Krewat
2019-10-10 8:21 ` Dan Cross
2019-10-10 11:58 ` Arthur Krewat
2019-10-10 12:07 ` Leah Neukirchen
2019-10-18 14:34 ` Arthur Krewat
2019-10-18 15:01 ` Royce Williams
2019-10-18 15:05 ` Royce Williams
2019-10-18 18:32 ` Royce Williams
2019-10-19 13:11 ` John P. Linderman
2019-10-10 13:57 ` Henry Bent
2019-10-10 14:05 ` Arthur Krewat
2019-10-15 16:32 ` Michael Kjörling
2019-10-10 14:10 ` Leah Neukirchen
2019-10-11 2:49 ` Dave Horsfall
2019-10-08 20:52 ` Dave Horsfall
2019-10-08 21:15 ` Michael Kjörling
-- strict thread matches above, loose matches on Subject: below --
2019-10-19 13:45 Norman Wilson
2019-10-19 20:27 ` ewe2
2019-10-19 20:41 ` Arthur Krewat
2019-10-03 18:51 Finn O'Leary
2019-10-03 19:30 ` Leah Neukirchen
2019-10-03 20:41 ` Finn O'Leary
2019-10-03 22:04 ` Steffen Nurpmeso
2019-10-03 23:24 ` Dave Horsfall
2019-10-04 0:59 ` WIlliam Cheswick
2019-10-04 16:08 ` Arthur Krewat
2019-10-04 10:29 ` Leah Neukirchen
2019-10-04 15:05 ` Ken Thompson via TUHS
2019-10-05 18:05 ` Tom Jones
2019-10-08 17:38 ` Arthur Krewat
2019-10-08 20:40 ` Dave Horsfall
2019-10-08 20:57 ` Arthur Krewat
2019-10-09 12:55 ` Leah Neukirchen
2019-10-09 16:17 ` Arthur Krewat
2019-10-05 17:29 ` Michael Kjörling
2019-10-05 17:49 ` Arthur Krewat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1570559927.29337.for-standards-violators@oclsc.org \
--to=norman@oclsc.org \
--cc=tuhs@tuhs.org \
--subject='Re: [TUHS] Recovered /etc/passwd files' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).