Misc ideas & comments

reti@ai.mit.edu reti@ai.mit.edu
Fri, 27 Mar 1998 20:00 -0500

    Date: Fri, 27 Mar 1998 16:23 EST
    From: Rodrigo Ventura <yoda@isr.ist.utl.pt>

    >>>>> "David" == David Tillman <dtillman@cannonexpress.com> writes:

	David>     Comments? How did Lip machines store user info?

	    I have a LispM nearby, and I'll never forget the day I
    installed TCP/IP and tryed to telnet from a PC to the LispM. The LispM
    didn't even ask for user/passwd and gave me a lisp listener. 
For the record, this isn't quite accurate.  You could alway deny any service
by IP address (the concept of trusted hosts).  It is true that in older releases
the default was to trust anyone, but that was changed quite quickly to defaulting
to trust no one.								 
								 Then, for
    fun, I tried "(shutdown)", and it worked! That day I realized I could
    never leave the LispM permanently connected to the net. Anyone could
    telnet and do the more horrible things to it. Even at the console
    there were no passwd. A "(login 'username)" was enought to get into
    anyones account.



    *** Rodrigo Martins de Matos Ventura, alias <Yoda>
    ***  yoda@isr.ist.utl.pt, http://www.isr.ist.utl.pt/~yoda
    ***   Instituto de Sistemas e Robotica, Polo de Lisboa
    ***    Instituto Superior Tecnico, Lisboa, Portugal
    ***     PGP Public Key available on my homepage
    *** Key fingerprint = 0C 0A 25 58 46 CF 14 99  CF 9C AF 9E 10 02 BB 2A