Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: The Powerhouse <P.C.Steele@*********.AC.UK>
Subject: Computer Hacking
Date: Fri, 11 Feb 1994 14:30:17 +0000
I know this is nothing to do with shadowrun but I think it's important.
Recently there has been a large amount of hacking in the internet. It has
been carried out largely by people using sniffer programs that utilise a bug
in /dev/nit to scan the network traffic and capture passwords which are
transmitted as pure text.

The authorities are aware of the problem but unless you read the right newgroups
it's quite possible to know nothing of thr problem. At the moment the advice
is to change your password if you log onto remote machines as it is these
passwords that the hackers are catching. If no one is aware pf the problem
at your site then the administrator should be informed who should take
appropiate steps to limit who can and can't get access to /dev/nit.

As for long term solutions I think the only way is to get some form of
encryption so that the passwords only travel over the net in their encrypted
format. This however will take some time.

If you are an adminisitrator for your system I strongly suggest reading the
RISKS forum, CERT (yes, I did already know about it Rob) has issued guidelines
on exactly how to control access to /dev/nit, as well as some very good general
security guidelines.

Phill.
--
Phillip Steele - Email address P.C.Steele@***.ac.uk | Fighting against
Department Of Electrical & Electronic Engineering | Political Correctness !
University Of Newcastle Upon Tyne, England |
Land of the mad Geordies | The Powerhouse
Message no. 2
From: "Robert A. Hayden" <hayden@*******.MANKATO.MSUS.EDU>
Subject: Re: Computer Hacking
Date: Fri, 11 Feb 1994 14:41:44 -0600
On Fri, 11 Feb 1994, The Powerhouse wrote:

> Recently there has been a large amount of hacking in the internet.

No, recently there has been a large amount of DETECTABLE hacking.
Hacking has always taken place, simple that people found a bug and are
exploiting it, and suddenly everyone is notcing.

> If you are an adminisitrator for your system I strongly suggest reading the
> RISKS forum, CERT (yes, I did already know about it Rob)
ie, big brother,
> has issued guidelines
> on exactly how to control access to /dev/nit, as well as some very good general
> security guidelines.

Sorry, not to flame, but I don't feel this is approbpriate to this list.
I doubt there are many administrators on this list, and those that are
can be expected to get this information elsewhere.

So offense :-)

____ Robert A. Hayden <=> hayden@*******.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> In the United States, they
\/ Finger for PGP 2.3a Public Key <=> first came for us in Colorado...
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

Further Reading

If you enjoyed reading about Computer Hacking, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!