[3362] in bugtraq
SecurID
daemon@ATHENA.MIT.EDU (Peiter Z)
Mon Sep 16 23:41:28 1996
Date: Tue, 17 Sep 1996 04:53:36 -0600
Reply-To: Peiter Z <peiterz@secnet.com>
From: Peiter Z <peiterz@secnet.com>
X-To: adam@homeport.org, Firewalls@GreatCircle.com, hobbit@avian.org,
malex@kersur.net, mcn@EnGarde.com, mudge@l0pht.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Vin wrote:
> PeiterZ reported that he and his associates were able to penetrate
>SecurID-protected systems, apparently from the Internet. I don't doubt it,
>particularly if he was using TCP-splicing with, say, Hobbit's Netcat. An
>OTP, admittedly, does not secure the network.
We did not use TCP-splicing / session hi-jacking to penetrate
the SecurID-protected systems. The attacks we used are in the white paper
at ftp://ftp.secnet.com.
PeiterZ
