
  Following is a break-in resulting from someone using an easy to
guess password.  Fortunately, I was sitting at the console watching
the whole time.  The following text is taken directly from the 
SYSOP CBBS log, with my comments added after the "<===" arrows.

  ***Please don't make it easy to break in here by using a simple
password!***

  In the future, all passwords will be prefixed with the user's last
name and a ":" (e.g. John Smith's password was "FERN" and will
be "SMITH:FERN").  Two week's notice will be given before this change
takes place, and it will be announced in the sign-on message.

  Since this will be a real pain to enter for each user area change,
I'm changing the USER program to only require a user to log-in once
each call.  That way, user area changing will not require re-typing the
password each time.

  (The log is kept by the CAPTURE program, which records time in and
baud rate, along with ALL console input, including control characters.)
							-Dave Hardy

(System in "BYE" mode)
==>OUT: TIME  23:25:16 EDT   DATE  02/08/84 AT 450 BAUD
				<=== Garbage while sensing baud-rate
0				<=== Answer to "How Many Nulls" question

==>IN:  TIME  23:57:32 EDT   DATE  02/08/84 AT 300 BAUD
USER 1				<=== Twit tries to log in 
0GEORGE0
012356
011234				<=== 3 bad PW's
USER 2
0GEORGE0
0GEORGE0
FUCK YOU			<=== 3 more bad ones, but this time he shows
USER 3				<=== his IQ
HELLO
23489
TEWENTY LETTERS			<=== Hmmm, let's try other user areas...
USER 4
TWENTYLETTERS			<=== msg in access application on TCBBS
CHARACTERS			<=== says use up to 20 chars in your pw...
1W2E3F
DIR				<===No luck, so lets see what's in user 0
B:
DIR
C
C:
DIR
D:
DIR
USER 1				<=== Try to break out of user 0 again...
2468WHODO
2468WHODOWEAPPRCFUCKYOUHARDY    A:
USER 1
97531
UNCTIONSPD
WPRDSPD
BYDIR
SD
XMODEM
MINICBSBBS
USER 1				<=== One last try.
OXGATE				<=== Oh oh.  This is (was) a valid PW
DIR				<=== I let him look around as long as he
B1:				<=== didn't hurt anything.
B:
DIR
C:
DIR
LDIR OSDAUTO			<=== This twit may be an Osborne user (who
LDIR OSDDAUTO			<=== else would take this stuff???)
LTYPE OSDDAUTO OSDDAUTO.DQC
^S^SSD OSFDDAUTO			<=== Ctl-S's to stop scroll, ctl-H to BS
SD OSDDAUTO.LBR
XMOEDMEEM S OSDDAUTO.LBR
XMODEM S OSDDAUTO.LBR		<=== I let him XMODEM this, since it's PD
D:
DIR
D2:
A:
DIR
B:
USER 2				<=== Hmmm, USER 2 is NOT PD.  Look but don't
DIR				<=== touch...
USER 2
USER 3
DIR
USER 4
SDIR
A:
DIR
USER 3
DIR
USER 2
WHATSNEW
DIR
B:
DIR
USER 3
DIR
USER 4
DIR
C:
DIR
USER 3
DIR
USER 2
DIR
USER 1
DIR
TYPE LTYPE STRTRK-0
LDIR STRTRK-0
D:
DIR
SUSER 2
DIR
USER 3
DIR
USER 4
DIR
USER 5
OXGATE
USER 6				
OXGATE
DIR
TYPE SIG/M42.LIB
^XDIR
ISUSER 8
OXGATE
DIR
USER 9
OXGATE
USER 7
OXGATE
DIR
A:
DIR
USER 6
OXGATE
DIR
USER 8
OXGATE
DIR
USER 1
OXGATE
DIR
TYPE PRUN11.DQC
^XB:
USER 2
DIR
A:
MINICBBS			<=== CAN'T LET HIM IN HERE!
OXGATE

OXGATE
G;N				<=== So I signed him out, quickly
;;MSG FROM SYSTEM OPERATOR: who is this?

BYE				<=== Twit did this instead of answer

==>OUT: TIME  00:25:06 EDT   DATE  02/09/84 AT 300 BAUD
				<=== Twit tied up system for almost 30 minutes


