Slashdot Mirror

← Back to Stories (view on slashdot.org)

Getting Hacked Through Your Terminal

Posted by timothy on from the nothing-new-under-the-sun dept.

hdm writes "My company recently published a paper on security issues with common terminal emulator applications. The interesting thing about these vulnerabiltiies is that many of them only require the victim to be running tail on their log files (apache, syslog, etc) for the attack to be successful. The paper (TXT) can be found here."

9 of 204 comments (clear)

  1. A simple solution by Giant+Ape+Skeleton · · Score: 4, Funny

    Given the profliferation of exploits related to race conditions, predictible file creation, etc,
    we should henceforth re-tool our code to only make use of stateless protocols!
    ;-)

    --
    The difference between stupidity and genius is that genius has its limits.
    1. Re:A simple solution by Anonymous Coward · · Score: 1, Funny

      You mean like HTTP?
      No-one was ever attacked through port 80.

  2. Reinventing by Sarcazmo · · Score: 5, Funny

    So they discovered ANSI bombs over again.

    Simple! Just tell Linux not to load ANSI.SYS, problem solved!

    1. Re:Reinventing by xchino · · Score: 2, Funny

      Those were fun... remapping all keys to delete fun files, and then mapping the backspace key as enter :)

      Worked quite often...

      --
      Everyone is entitled to their own opinion. It's just that yours is stupid.
  3. Talk is cheap. by FreeLinux · · Score: 2, Funny

    Another day, another vulnerability. These exploits are getting more bizzare and more useless every day. The risk factor here is ridiculously low.

    I don't want to here about anymore useless exploits or no risk vulnerabilities. If you really want my window title, I'll telll you what it is; Getting Hacked Through Your Terminal - Konqueror

    Now, when someone gets an exploit to replace the Slashdot ads with Goatse, then I'll be impressed.

  4. This isn't a big problem. by Dthoma · · Score: 3, Funny

    Someone has to be using a terminal for someone to be able to do this to them. Is it just me, or is the solution really obvious? Just chmod every thing with a command line to 000! That should keep those naughty, naughty crackers out!

    --

    Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".

  5. Re:TXT? by spinlocked · · Score: 4, Funny

    In my neck of the woods TXT is practically synonymous with text messaging. No, actually it's, synonymous with the delivery of TXT msg svrl hrs aftr u snt thm...

    --
    # init 5
    Connection closed.

    Oh... ...bugger.
  6. Re:Mac OSX by Waffle+Iron · · Score: 4, Funny
    It is possible to alias different escape sequences to commands like lm and ll to make the terminal full screen, send it to the background, make it tall, etc.

    The bad news: Evil black hat hackers can use remote exploits to move the OSX terminal around the screen.

    The good news: With the velvet smooth animated motion, harmonizing colors, translucent effects and drop shadows, being 0wned has never looked better!

  7. Re:Most exploits by Anonymous Coward · · Score: 1, Funny

    BOSCO!