risks@CSL.SRI.COM (RISKS Forum) (10/03/89)
RISKS-LIST: RISKS-FORUM Digest Monday 2 October 1989 Volume 9 : Issue 30
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
*** APOLOGIES FOR CONTINUED MULTIPLE-COPY PROBLEMS. SENDMAIL FIXES ***
*** IN THE WORKS. HACK ATTEMPTED TO BYPASS IT THIS TIME. PGN ***
The Cuckoo's Egg (Cliff Stoll)
Internet cracker on the loose (Barry Lustig)
Late night system administration == trouble on SunOS 4.x (Angela Marie Thomas)
Date manipulation and end of millennia (Pete Lucas)
Re: An interesting answer to the distributed time problem (Randall Davis)
Re: Man-Machine Failure at 1989 World Rowing Championships (Randall Davis)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
cd sys$user2:[risks]<CR>get risks-i.j . Vol summaries now in risks-i.0 (j=0)
----------------------------------------------------------------------
Date: Sat, 30 Sep 89 23:59:05 edt
From: cliff%cfa253@harvard.harvard.edu (Cliff Stoll)
Subject: The Cuckoo's Egg
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage,
by Cliff Stoll, Doubleday, 1989, ISBN 0-385-24946-2 $19.95
Book Review by Louise Bernikow, Cosmopolitan, Oct. 1989
Here's a first -- the true story of a man who notices a seventy-five cent
discrepancy in a computer's accounting system and runs the error down until it
leads to a real live spy ring. Even if you don't know a byte from a bagel,
this book will grip you on page one and hold you as ferociously as the best
mystery stories.
It is astrophysicist-turned-systems-manager Cliff Stoll's first week on the job
at a lab in Berkeley, California. The error turns up, and he tries to figure
out why, partly as an exercise in learning about the computer system he's going
to be working with. Almost immediately, he discovers that somebody had been
breaking into the computer network using a fake password. That discovery leads
him to other break-ins in other computers, including some in military
installations. He alerts the FBI, which, since he has lost neither half a
million dollars nor any classified information, says, "Go away, kid."
Stoll presses on, sleeping under his desk at night, monitoring the system -- a
hound waiting for the fox to come out in the open. There is suspense aplenty,
but it's the intensely human, often funny voice of the man on the trail that
makes this book so wonderful. Stoll's girlfriend, Martha, a law student, seems
like one smart and delightful cookie, and she puts up with his obsession pretty
well. In the end, Stoll becomes a national hero. The play-by-play is nothing
short of fascinating.
------------------------------
Date: Mon, 02 Oct 89 14:52:08 PST
From: barry@ads.com
Subject: Internet cracker on the loose
There is a cracker on the loose in the internet. This is the information
I have so far. Traces of the cracker were found at the Institute for
Advanced Studies in Princeton. He also left traces at one of the Super
computer centers. Both CERT and the FBI have been called.
The technique that is being used is as follows:
1) He has a modified telnet that tries a list passwords on accounts. Username
forwards and backwards, username + pw, etc.
2) He seems to have a program call "ret", that is breaking into root.
3) He seems to be getting a list of victim machines via people's
.rhosts files.
4) He copies password files to the machines that he is currently
working from.
5) He is good about cleaning up after himself. He zeros out log files
and other traces of himself.
6) The breakins are occurring bwtween 10pm Sunday night and 8am Monday
morning.
7) He seems to bring along a text file of security holes to the
machines he breaks into.
8) Backtracing the network connections seem to point to the Boston
area as a base of operations.
The sys admin at IAS found a directory with the name ".. " (dot dot
space space). The files I mentioned above were found in this
directory.
Barry Lustig, Advanced Decision Systems barry@ads.com (415) 960-7300
------------------------------
Date: Sat, 30 Sep 89 01:33:31 EDT
From: Angela Marie Thomas <thomas@shire.cs.psu.edu>
Subject: Late night system administration == trouble on SunOS 4.x
It's another late night of system administration. Tonight the task is
time consuming, but relatively simple: Repartition the disks on a
Sun4/280 running 4.0.3 to distribute the load to a new disk. No big deal.
I partitioned the new disk and dump|restore'd most of the stuff from
the old disk onto it and rebooted off of the new disk. I then
proceeded to repartition and newfs the old disk. No problems so far.
I was about to dump|restore /usr from the new disk back to the old disk
(yes, / and /usr are on two different disks) so I mounted xy0g onto
/mnt. At least, that's what I *intended* to do. My fingers typed
"mount /dev/xy0a /usr" instead. OOPS! Well, no real harm done. I'll
just pop over to /sbin and umount the device. WRONG! It seems that
/sbin has enough programs in it to get you into trouble, but not enough
to get you out of it. No dump, no restore, no umount. I couldn't even
sync;sync;halt the system. Oh, mount is there. I could mount more
newly newfs'd filesystems onto /usr until my face turned blue. I can't
believe it. It was as if I had just stumbled into a cul-de-sac. The
only damage done was to me, not the machine. Sigh.
Sun, if you're listening, please, please, please put statically linked
umount, dump, restore, sync and halt in /sbin. Nine times out of ten,
those are the programs I want when I *need* /sbin.
Angela Thomas NSFNET: thomas@shire.cs.psu.edu
------------------------------
Date: Thu, 28 Sep 89 15:51:09 BST
From: "Pete Lucas, NERC-TLC Swindon U.K." <PJML@ibma.nerc-wallingford.ac.uk>
Subject: Date manipulation and end of millennia
Date processing; anyone interested in digging out some definitive works should
try the following:
Ohms B.G (1986) 'Computer processing of dates outside the twentieth century' IBM systems journal vol 25 no. 2
Uspensky J.V. and Heaslet M.A. (1939) 'Elementary Number Theory'. Mcgraw-Hill
Whitrow G.J. (1988) 'Time in History' Oxford University Press, Oxford U.K.
Much of the relevant work in Whitrow (1988) is based on the works of
the French astronomer Jean-Baptiste Delambre (1749-1822).
Anybody who is interested, I have robust examples of routines for the
manipulation of dates, and examples of routines (written in REXX
but easily translated to FORTRAN if you so desire).
It has been suggested that if the year is divisible by 4000 then it
should NOT be considered a leap-year. Anyone writing code thats likley
to be around 2000 years hence???
>-=Pete=-<
------------------------------
Date: Thu, 21 Sep 89 20:27:33 edt
From: davis@ai.mit.edu (Randall Davis)
Subject: Re: An interesting answer to the distributed time problem (RISKS-9.26)
> Take any of the thousands of closed circuit TVs in the
*******************************
> hospital and set it to channel 6 and you get a picture of a clock.
> Somewhere there is a TV camera pointed at a good old sweep-secondhand
> analog clock, and that's what you see on
> channel 6. Sometimes low-tech solutions are the best.
Thousands of TVs? An expensive television camera doing nothing but sitting
there focused on a clock? All those cables, monitors, all that power,
bandwidth to burn on the network, etc.?
And you call this a **low tech** solution because the clock is analog? Egad.
Perspectives have been rather skewed.
(Low tech would be a human being walking around with a chronometer re-setting
all those clocks by hand.)
------------------------------
Date: Thu Sep 21 21:29:32 1989
From: davis@ai.mit.edu (Randall Davis)
Subject: Re: Man-Machine Failure at 1989 World Rowing Championships (RISKS-9.26)
On the other hand, I am surprised that in a sport so close to being
natural (apart from computer designed shells) a computer would be
permitted on-board.
A ``natural'' sport? With exotic materials used in the fixtures and in some
oars, tanks designed as artificial rivers to row in during the winter,
nautilus machines for strength training, attention to nutrition, etc., etc....
Sports haven't been ``natural'' since the Greeks ran the Olympics in the buff.
Technology knows no bounds! PGN]
Indeed, much like imagination.
[I think no sports are natural anymore. The use of computers in baseball
is startling. Basketball may be fairly natural. However, with all the
steroids, drugs, etc., however, one is never sure what is going on. PGN]
------------------------------
End of RISKS-FORUM Digest 9.30
************************