From: Norman Wilson <norman@oclsc.org> To: tuhs@tuhs.org Subject: Re: [TUHS] Recovered /etc/passwd files Date: Tue, 08 Oct 2019 14:38:43 -0400 [thread overview] Message-ID: <1570559927.29337.for-standards-violators@oclsc.org> (raw) Back in the heyday of uucp, some sites were lazy and allowed uucico access to any file in the file system (that was accessible to the uucp user). A common ploy for white hats and black hats was to try uucp remotesys!/etc/passwd ~/remotesys or the like, and see what came in and whether it had any easy hashes (shadow password files didn't quite exist yet). The system known to the uucp world as research! was more careful: / was mapped to /usr/spool/uucp. We left a phony etc/passwd file there, containing plausible-looking entries with hashes that, if cracked, spelled out why are you wasting your time I don't remember whether anyone ever stole it by uucp, though I think Bill Cheswick used it to set up the phony system environment for Berferd to play in (Google for `cheswick berferd' if you don't know the story). Norman Wilson Toronto ON
next reply other threads:[~2019-10-08 18:39 UTC|newest] Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-08 18:38 Norman Wilson [this message] 2019-10-08 18:51 ` Arthur Krewat 2019-10-08 21:02 ` Dave Horsfall 2019-10-08 21:22 ` Arthur Krewat 2019-10-09 5:49 ` Nigel Williams 2019-10-09 5:52 ` Nigel Williams 2019-10-09 6:00 ` Warner Losh 2019-10-09 8:16 ` Andy Kosela 2019-10-09 8:53 ` Ken Thompson via TUHS 2019-10-09 9:16 ` Leah Neukirchen 2019-10-09 23:04 ` Dave Horsfall 2019-10-10 6:31 ` Vincenzo Nicosia 2019-10-09 19:59 ` Rob Pike 2019-10-09 20:09 ` Kurt H Maier 2019-10-09 21:05 ` Bakul Shah 2019-10-09 21:09 ` Warner Losh 2019-10-09 21:16 ` Arthur Krewat 2019-10-09 22:05 ` Adam Thornton 2019-10-09 23:28 ` Steffen Nurpmeso 2019-10-11 12:28 ` Anthony Martin 2019-10-09 20:14 ` Arthur Krewat 2019-10-10 20:24 ` Clem Cole 2019-10-10 20:38 ` Nemo 2019-10-10 20:52 ` John P. Linderman 2019-10-11 6:24 ` Dave Horsfall 2019-10-11 11:09 ` William Pechter 2019-10-11 23:46 ` Finn O'Leary 2019-10-12 0:21 ` Arthur Krewat 2019-10-10 8:21 ` Dan Cross 2019-10-10 11:58 ` Arthur Krewat 2019-10-10 12:07 ` Leah Neukirchen 2019-10-18 14:34 ` Arthur Krewat 2019-10-18 15:01 ` Royce Williams 2019-10-18 15:05 ` Royce Williams 2019-10-18 18:32 ` Royce Williams 2019-10-19 13:11 ` John P. Linderman 2019-10-10 13:57 ` Henry Bent 2019-10-10 14:05 ` Arthur Krewat 2019-10-15 16:32 ` Michael Kjörling 2019-10-10 14:10 ` Leah Neukirchen 2019-10-11 2:49 ` Dave Horsfall 2019-10-08 20:52 ` Dave Horsfall 2019-10-08 21:15 ` Michael Kjörling -- strict thread matches above, loose matches on Subject: below -- 2019-10-19 13:45 Norman Wilson 2019-10-19 20:27 ` ewe2 2019-10-19 20:41 ` Arthur Krewat 2019-10-03 18:51 Finn O'Leary 2019-10-03 19:30 ` Leah Neukirchen 2019-10-03 20:41 ` Finn O'Leary 2019-10-03 22:04 ` Steffen Nurpmeso 2019-10-03 23:24 ` Dave Horsfall 2019-10-04 0:59 ` WIlliam Cheswick 2019-10-04 16:08 ` Arthur Krewat 2019-10-04 10:29 ` Leah Neukirchen 2019-10-04 15:05 ` Ken Thompson via TUHS 2019-10-05 18:05 ` Tom Jones 2019-10-08 17:38 ` Arthur Krewat 2019-10-08 20:40 ` Dave Horsfall 2019-10-08 20:57 ` Arthur Krewat 2019-10-09 12:55 ` Leah Neukirchen 2019-10-09 16:17 ` Arthur Krewat 2019-10-05 17:29 ` Michael Kjörling 2019-10-05 17:49 ` Arthur Krewat
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1570559927.29337.for-standards-violators@oclsc.org \ --to=norman@oclsc.org \ --cc=tuhs@tuhs.org \ --subject='Re: [TUHS] Recovered /etc/passwd files' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).