Slashdot Mirror


Getting Hacked Through Your Terminal

hdm writes "My company recently published a paper on security issues with common terminal emulator applications. The interesting thing about these vulnerabiltiies is that many of them only require the victim to be running tail on their log files (apache, syslog, etc) for the attack to be successful. The paper (TXT) can be found here."

4 of 204 comments (clear)

  1. A simple solution by Giant+Ape+Skeleton · · Score: 4, Funny

    Given the profliferation of exploits related to race conditions, predictible file creation, etc,
    we should henceforth re-tool our code to only make use of stateless protocols!
    ;-)

    --
    The difference between stupidity and genius is that genius has its limits.
  2. Reinventing by Sarcazmo · · Score: 5, Funny

    So they discovered ANSI bombs over again.

    Simple! Just tell Linux not to load ANSI.SYS, problem solved!

  3. Re:TXT? by spinlocked · · Score: 4, Funny

    In my neck of the woods TXT is practically synonymous with text messaging. No, actually it's, synonymous with the delivery of TXT msg svrl hrs aftr u snt thm...

    --
    # init 5
    Connection closed.


    Oh... ...bugger.
  4. Re:Mac OSX by Waffle+Iron · · Score: 4, Funny
    It is possible to alias different escape sequences to commands like lm and ll to make the terminal full screen, send it to the background, make it tall, etc.

    The bad news: Evil black hat hackers can use remote exploits to move the OSX terminal around the screen.

    The good news: With the velvet smooth animated motion, harmonizing colors, translucent effects and drop shadows, being 0wned has never looked better!