home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.security.misc
- Path: sparky!uunet!charon.amdahl.com!pacbell.com!decwrl!sun-barr!ames!saimiri.primate.wisc.edu!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!uchinews!quads!wag5
- From: wag5@quads.uchicago.edu (john peter wagner)
- Subject: Mundane Decoy
- Message-ID: <1992Nov5.225408.13518@midway.uchicago.edu>
- Sender: news@uchinews.uchicago.edu (News System)
- Reply-To: wag5@midway.uchicago.edu
- Organization: University of Chicago Computing Organizations
- Date: Thu, 5 Nov 1992 22:54:08 GMT
- Lines: 22
-
- In response to an earlier poster's intent to find a secure method of
- protecting the ibm hard drive, perhaps a decoy could be used. That is,
- make your intital password system time-sensitive; add a single decimal
- digit for the hour and another for the ones-digit in the day of the month.
- Thus, one could have a relatively simple password made more complex-
- Ex.-gibber37, could be a valid password at 3:15pm, on , say, Nov. 27.
- A trojan would record the inputted password for the password. As soon
- as it is used on the system incorrectly by the hacker(The only way to use
- the same password correctly is to use it in a ten-day increment, or whatever.)
- The system would then allow the hacker into a prepared decoy-system, which
- would have little useful data, probably 'crashing' at the first execution
- of any binary file. Warning messages would be sent to everyone to change
- their passwords and even to redefine the modification of the time-generated
- password scheme(Soem other numbers used, etc.). Note, the decoy system
- should have a password or user file or whatever which will give re-access
- to the decoy for any of the passwords listed on it.
-
- Only an idea.
-
- John
-
-
-
