From: | Ereskanti <Ereskanti@***.COM> |
---|---|
Subject: | Re: Weird Campaigns |
Date: | Thu, 21 May 1998 08:18:34 EDT |
gurth@******.NL writes:
> Partly related to this, I thought about security tallies about a week ago,
> and it suddenly dawned on me that it should be possible to erase or
> inflate them... After all, it's just data kept on a computer somewhere, so
> the decker should be able to in- or decrease the counter. However, looking
> through VR 2.0 I couldn't find a system operation that allows this...
Dump Log action reduces things, but it takes time. I know we've got a
program/form that reduces a given security tally, but the program is Net
Success based and the decker has to have an idea how intensive the Tally is
currently (such as after performing an Analyze Host).
> The way to go about this would, I guess, be to do a Locate File to find
> the file (or memory address) containing the security tallies, and then an
> Edit File operation to change them. If you do a Validate Passcode or
> Invalidate Passcode before this, you should be able to erase your security
> tally and appear a completely legitimate user, or do the opposite for
> security deckers.
That would work as well, now that I think of it. That last part for Security
Deckers would be nice once in a while too. The action times, at least IMO,
would take longer however, as the program is trying to perform a Search of all
given databases.
> However, I think there'd be some protection built into the system, for
> example that only supervisor-level users can alter security tallies. Any
> thoughts?
Agree here, you'd probably have larger than normal target numbers for
performing such, and it would NOT be possible at without the Masking Attribute
(so no using a legit deck/terminal for this stunt).
-K