[Courses] [Security] Inside Attacks
Lorne Gutz
lgutz at vistar.ca
Mon Mar 25 16:33:22 EST 2002
I've really expanded my knowledge of
networks, and network security over the last
couple of weeks. I may still may have trouble
explaining the difference between TCP and UDP,
but I have learned that the network is just
one big sieve. It appears to be as vulnerable
as the keyboard, my favorite entry point to
any system.
I will first say a few words about my
experience. Follow that with a few examples
of how easy one can alter any computer you
have physical access to. Then a few hints
on how to make thinks difficult for insiders.
My interest in operating systems started
with SRX-11. Quickly I learned that with
access to a compiler I could change my
group and ID to be anyone, even root. It
came in handy when things had to be reconfigured
and no IT person was around.
From there I moved on the breaking games
on Apple II systems. The challenge was to
break the anti copy systems, never played
many of the games. When Microsoft came along
the anti copy skeems took a giant step
backwards, so I lost interest.
By then I had a UNIX system at work.
Just rooting around I discovered this
encrypted text in the /etc/passwd file just
begging to be decoded. ( before the days of
shadow files.) It only took me 3 or 4
months to realize that all the tools to
decode this was built right into UNIX.
Over the years I have always been on
good terms with the IT people. I always let
them know that I am knocking on the door,
when I have a few idle moments. That way
things are a lot easier when you inform them
that you know the root pass word. (again)
Now an example of bad security at TD
Waterhouse. This is where I do my stock
trading via their Web Broker. I discovered
a back-door into there system. I informed
them, and they said they would get back to
me. Two months passed and I mentioned this
to my next door neighbor. She just happened
to be the senior trader at TD Waterhouse.
She arranged for me to come down and show
her boss that I could get into any account.
There were a few shocked people, but the
security people where still in total denial.
So I left them stew for a day. ( the arrogant
bastards, treated me like scum for finding
their screw up.) I came very close to
making it public on alt.mybank.backdoor.
When they finally came around I got a free
RIM palm pilot and service for two years.
The first mistake here was their method
of choosing passwords. All the upper case
number were not to be used, and no software
checking was done to prevent their use.
Well one of my passwords used one of those
and I never thought much about it until I
had to change passwords and then remembered
a couple of days later that I had used
my old password. Second, arrogance makes
for bad security. As soon as you believe
that your system is unbreakable your guard
is down and your security goes downhill.
From the inside there is no way to
prevent a determined person from breaking in.
If you can reboot a system you can remove
the root password. Then the system is yours
to do with as you please. I could fix any
workstation in less than a minute to send
me your login name and password, when you
next login. Nothing will seem out of place,
your login will seem normal, and once logged
in there will be no trace that I was ever
there. The info can be mailed to me or
left in a public NFS directory, eg /pub or
/tmp then the trogon deletes itself.
We can't all lock up our computers
but the next best thing is a simple screen
saver. It locks up your computer when you
leave, and if its not locked when you return,
your computer has been rebooted.
If something seems strange or out of
place with your workstation ask questions.
Learn how to use 'who', 'uptime', 'history'
and 'last'. Let the IT people know if
unexplainable things happen.
that's it for now folks
Lorne
More information about the Courses
mailing list