Forwarded From: Aleph One <aleph1@nationwide.net>
[ I didnt catch this one until recently. Interesting it didnt get more
play on the news. - a1 ]
http://cgi.pathfinder.com/netly/editorial/0,1012,1915,00.html
Design Disasters
by [11]Lev Grossman, Steve Baldwin and Declan McCullagh April 20,
1998
[ snip ]
* * *
A friend of Netly's was poking around one of InterNIC's ftp
servers last week -- let's not ask why -- when he noticed a file
called "core" in the root directory, suggesting that a core dump had
taken place. If you're trying to hack into a computer, one way to do
it is to trick an application with root privileges into doing a core
dump and then overwriting a password file; this -- coupled with the
fact that the file size was exactly [30]68040 -- tipped our friend off
that the machine was under attack. Since he was in a public-spirited
mood, he called up InterNIC to tell them about it. He was passed up
the supervisor chain a couple of times, until finally InterNIC told
him that the server in question, [31]ds.internic.net, was "not our
problem," that AT&T was administering it. But when InterNIC
double-checked, they discovered that AT&T's control of the server had
lapsed on April 1, and that nobody had been watching it for two and a
half weeks. Creation date of the core file? April 1.
For the records, the file contained the following: a message from
the [32]Klan of the Bloodstained Blade claiming responsibility;
instructions for hacking a Cisco router; passwords for a handful of
porn sites; and information on how to raise marijuana. You kids play
nice, now.
* * *
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Thu Apr 30 22:33:32 1998