[Info-vax] VMS v8.4 disk corruption

[Michael Moroney]

koehler at eisner.nospam.encompasserve.org (Bob Koehler) writes:

>In article <4c61bfa2$0$6090$c3e8da3 at news.astraweb.com>, JF Mezei <jfmezei.spamnot at vaxination.ca> writes:
>> 
>> Personally, I find the ability to see what passwords are being used
>> during an attack to be extremely important. Telling whether they are
>> using radom/common passwords from a dictionary or whether they are using
>> brute force, or whether they seem to have a valid password are all very
>> important distinctions.

>   How do you know what the valid password is for someone else's
>   account?  Or are you the only user on these systems?

I've seen things where breakin messages were going to the operator's
console with things like this:

Breakin attempt for user FOOBAR
...
Password: SEXYLADY1

Breakin attempt for user FOOBAR
...
Password: SEXYLADY2

Breakin attempt for user FOOBAR
...
Password: SEXYLADY3

Breakin attempt for user FOOBAR
...
Password: <valid>

Breakin attempt for user FOOBAR
...
Password: SEXYLADY5
...

The actual incorrect passwords are part of the OPCOM message, and a
valid password was replaced by the string "<valid>". 
The login was denied due to breakin evasion already in force.
It can be obvious from the pattern what the real password is.
Regardless, it's definite that they did enter a valid password.

This is how it worked a while ago, I don't know what it does now.