We went over the password authentication mechanism, the idea of a hot-key or secure attention sequence to provide a trusted path to the operating system, the lack of a trusted path in Unix, the idea of a Trojan horse login program, the lack of a trusted path when logging onto a machine via the network (via telnet, for example), and I also mentioned the existence of better protocols for authentication.
We went over the strength of passwords -- did a quick back-of-the-envelope calculation of the search time needed to break into an account assuming randomly chosen passwords, and showed that it would take many years. We went over the weaknesses of passwords: users choose poor ones, and the trusted path assumption (above).
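The back-of-the-envelope calculation can be carried through in a few lines. This is an added example, not code from the lecture; the alphabet size, password length, guess rate and dictionary size are assumed values chosen for illustration, since the notes do not record the figures used in class.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_password_space(alphabet_size, length):
    """Number of equally likely passwords of exactly `length` symbols."""
    return alphabet_size ** length


def expected_search_years(candidates, guesses_per_second):
    """Expected exhaustive-search time: on average half the space is tried."""
    return candidates / 2 / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(alphabet_size, guesses_per_second, target_years):
    """Smallest length whose expected search time reaches target_years."""
    needed = math.ceil(2 * guesses_per_second * target_years * SECONDS_PER_YEAR)
    length = 1
    # Integer comparison avoids floating-point error in the logarithm.
    while alphabet_size ** length < needed:
        length += 1
    return length


if __name__ == "__main__":
    RATE = 1000          # assumed guesses per second
    ALPHABET = 95        # assumed: printable ASCII characters
    LENGTH = 8           # assumed password length
    DICTIONARY = 250000  # assumed size of an attacker's word list

    space = random_password_space(ALPHABET, LENGTH)
    print(f"random {LENGTH}-char password: "
          f"{expected_search_years(space, RATE):,.0f} years expected")
    # A poorly chosen password lives in the dictionary, not the full space.
    dict_seconds = expected_search_years(DICTIONARY, RATE) * SECONDS_PER_YEAR
    print(f"dictionary word: {dict_seconds:,.0f} seconds expected")
    for alphabet in (26, 62, 95):
        print(f"alphabet {alphabet}: length >= "
              f"{min_length_for(alphabet, RATE, 100)} for a 100-year search")
```

The same guess rate that gives a search time of many years against a randomly chosen password finishes a word list in minutes, which is the gap between the strength calculation and the weakness noted above.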
I also went over the fingerd bug which the Internet Worm exploited to propagate itself from one machine to the next. (It also attacked passwords using a dictionary and exploited other common security holes.)
bsy@cse.ucsd.edu, last updated