
You don't need a password to be echoed to exfiltrate it. You just need the key codes. Not sure about NeXTStep, but regular old X let you sniff keys really easily.

Some systems (specifically, earlier versions of SGI IRIX) shipped with X authorization disabled by default. This is the equivalent of "xhost +". You could sniff a box as soon as it was plugged into the network, including capturing login session credentials, all terminal commands, and anything else. When they su'd to root, yes, you'd capture the root password.

In those days (mid 90's) almost nobody was running firewalls. At least, nobody in these parts. Putting your "office on the Internet" meant raw, unfiltered IP.
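Added example, not part of the thread: a small Python audit for the two conditions the comment above describes, X access control switched off (the `xhost +` state) and an X server reachable over the network. It parses the text printed by `xhost` and `ss -ltn`; the sample outputs, the host and user names in them, and the 6000-6063 port range (display N on TCP 6000+N) are assumptions constructed for illustration.

```python
# Constructed sample outputs (not captured from a real host).
XHOST_OPEN = "access control disabled, clients can connect from any host\n"
XHOST_LOCKED = (
    "access control enabled, only authorized clients can connect\n"
    "SI:localuser:alice\n"
    "INET:buildhost.example\n"
)
SS_SAMPLE = (
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN 0      128    0.0.0.0:22         0.0.0.0:*\n"
    "LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*\n"
    "LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*\n"
    "LISTEN 0      128    [::]:6001          [::]:*\n"
)
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def audit_xhost(output):
    """Return findings for the access-control state printed by `xhost`."""
    lines = [l.strip() for l in output.splitlines() if l.strip()]
    findings = []
    if lines and lines[0].startswith("access control disabled"):
        findings.append("access control disabled (same as 'xhost +')")
    for entry in lines[1:]:
        upper = entry.upper()
        # Host-based grants trust every user on that host; SI:localuser is per-user.
        if upper.startswith(("INET:", "INET6:", "SI:HOSTNAME:")):
            findings.append("host-wide grant: " + entry)
    return findings


def exposed_x_displays(ss_output):
    """Return [(display, address)] for X TCP listeners not bound to loopback."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and anything malformed
        addr, _, port = fields[3].rpartition(":")
        # Assumption: displays :0 to :63, i.e. TCP ports 6000 to 6063.
        if port.isdigit() and 6000 <= int(port) <= 6063 and addr not in LOOPBACK:
            hits.append((":%d" % (int(port) - 6000), addr))
    return hits


if __name__ == "__main__":
    print(audit_xhost(XHOST_OPEN), audit_xhost(XHOST_LOCKED))
    print(exposed_x_displays(SS_SAMPLE))
```

On a live host, feed the functions the real output of `xhost` and `ss -ltn` in place of the constructed samples.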



These days too, IPv6 tends to be firewall-free. In theory there are protections though, like regularly changing suffixes.

Do macOS and Ubuntu ship with firewalls?


Most consumer routers should at least be doing basic inbound connection filtering for IPv6. Are they not?

macOS and Ubuntu ship with firewalls, though not sure if they're enabled by default.


I checked one big ISP, boasting 99% IPv6 coverage, and the IPv6 firewall is opt-in, and considering how many people change their settings...

(For those that might not be aware of it: with IPv6, there's no NAT, since there's no need for it.)



