Back then the Hackers were the ones protecting the systems unless some Bureaucrat was appointed and it was the Bureaucrats who left the systems wide open as that was how the Book, if it even existed in their toolkits back then, told them to implement Security.
Though to be perfectly fair back then it wasn't common for the Crackers working from their basements at home to Break into Systems simply because the cost of computers was way too expensive and even Governments weren't trying overly hard to crack the Computer Systems as it was easier to get Physical Intelligence.
Now on the other hand with the Proliferation of Windows Systems it's far easier to crack Computer Systems to gain information rather than get the Physical Intelligence. Not to mention far safer for the operatives involved.
Col
I think the abuse of the term "hacker" in this article is probably the least of its problems. It's kind of a train wreck of errors, confusion, and miscommunication (though the grammar and spelling are mostly okay), starting with the disastrous attempt to discuss GNU Emacs (or "the GnuEmac word processor").
I received an alert about a virus that was causing a lot of problems and after some research almost thought it was a joke (four to six months ago). The virus was password guessing on an RDP connection with a list of about 20 "common" passwords like "admin" "admin". The alert was rated a medium or severe. Really? People are still using admin admin on their servers?
Bill
The basic premise of the article -- that people are still idiots about security, in depressingly large droves -- is correct. It's the content that is completely screwed. Pick just about any paragraph and I can probably offer a laundry list of problems. The first paragraph, being nothing but an introduction, isn't so bad, of course.
I'll explain some issues with the second, though, just to give you a hint of what's wrong with this mess. That paragraph says:
QUOTE: The trail began with the hacker entering systems through open, non-administrative accounts and planting a small program in the secure area of Unix through the GnuEmac word processor. This free program (remember shareware?) knew of no secure/non-secure areas of any system, thus it was ideal for copy-paste from a public patch to a secure patch. Then, every five minutes, Unix ran a daemon to check system resources and allocate them. The hacker's program granted him Administrator Super User access! SHAZAM! He would then erase his tracks and begin browsing whatever he could find. Stoll kept a log of his adventure and traced this "scum" (his word) around the world for 10 months as the data lead his search far beyond our shore, over the transatlantic satellites to Europe. Along the way Stoll learned that many "secure" systems were anything but wide open sometimes, badly managed most of the time. Eventually the spy was caught and served time in prison and Stoll became a much wiser guru of systems security.
1. What the heck is "the secure area of Unix"? Is this supposed to refer to parts of the filesystem only the root account is supposed to be able to access? Does he mean something related to kernel space? What exactly does he mean?
2. WTF is "the GnuEmac word processor"? I've heard of GNU Emacs, a text editor so broadly extensible and configurable that it has been jokingly called an operating system -- but it's not called "GnuEmac", and not only is it not anything most of us would call a "word processor", but many habitual GNU Emacs users might be offended (or at least doubled over in laughter) to find someone calling it a "word processor".
3. Someone explain to this guy that "shareware" has nothing to do with the GNU Project's conception of "Free Software".
4. This explanation of how the "shareware" "word processor" "GnuEmac" somehow performed a privilege escalation (or whatever the heck exploit he's trying to describe here) by being ignorant (or whatever the heck dysfunction he's trying to describe there) is so hokey and incoherent I'm not really sure what the heck he's trying to convey. (Let's call point four here the "heck point", considering how much I used the word "heck".)
5. What are "public patches" and "secure patches" in this context, anyway? Is this some computer-related use of the word "patch" to which I have never been exposed, or is he just using terms he's heard in relation to programming and/or security matters the way Star Trek script writers used terms they vaguely recalled from Popular Science headlines? (Hint: it's the latter.)
6. The bit about "every five minutes" sounds technically possible at least, which is a big improvement over some of the rest of what he bungles, but I'm skeptical this explanation survived translation from The Cuckoo's Egg. I'm especially skeptical given the fact that a daemon is a piece of software that runs in the background, generally waiting for specific events to which it is designed to respond. Think "server". You almost certainly don't want your OS to start a new daemon process every five minutes. That just sounds like the world's slowest fork bomb, not a standard behavior of Unix.
So . . . if we strip away the bizarre phrasing (using terms familiar to Unix admins everywhere in ways that sound suspiciously odd), we might end up with something that could conceivably be normal on Unix systems of that day (conceivably, but not terribly likely), if for some reason all Unix systems performed a system resource management sweep of some kind every five minutes exactly. I wasn't using Unix back then. I just really, really doubt that's an accurate description of the circumstances, based on the fact it doesn't make a whole lot of sense.
7. "Administrator Super User!" I want to be one of those! Poor little ol' me, I'm just root, the super user account, with administrative access to the whole system, and that only once in a while -- not Administrator Super User! Maybe we could even spice it up by making it Administrator Super Root User! (This isn't so much an error as just a hilarious display of naive phrasing.)
8. Re: the statement that "He would then erase his tracks . . ." I have a question. How exactly did he get from an automated task executed every five minutes to being logged in (as the Administrator Super User! account, presumably) personally, anyway? I guess it was magic -- or he left out perhaps the most important part of the entire explanation.
---
One last thing about that paragraph -- not really about the technical failings of the article at all, but just a minor peeve of mine. In the words "the data lead his search" he obviously means the past tense form of the verb "lead". That past tense form is spelled "led", not "lead".
The article continues to make errors of terminology, understanding, and presentation throughout its length. Its spelling and grammar issues (e.g. "lead" instead of "led") are pretty minimal, though; most of the errors are the kinds of things prone to leading readers astray, rather than merely looking unprofessional.
edit: By the way, the actual vulnerability was evidently related to mailmove, and not GNU Emacs. While I'm not 100% certain of my memory of the matter, I think the problem was with the way mailmove was installed, and not with mailmove itself inherently ignoring the privilege separation enforced by the OS (something that should be effectively impossible; it's not up to software to obey only if it wants to do so, but to beg for permission, in this case).
I agree with all of apotheon's points and wish to add a couple of my own.
There was indeed an Internet (mostly as we know it) in 1989, with DNS, DHCP, email, newsgroups, FTP sites, etc. It had long since bypassed its ARPANET roots. What we didn't have was a graphical Internet, i.e. the World Wide Web, or search engines like Google, Bing, Yahoo, Lycos, et al. Our searches were done by spiders, or gopher.
He also neglected to note that universities and large businesses significantly outnumbered the number of military installations with an Internet presence in 1989. Most of the connections in these institutions were via an Ethernet or Token-Ring 10Mbit connection, while the backbone connections were via T1 or (in rare cases) DS3. My personal (at home) connection was a 9600 baud Telebit Trailblazer modem.
I'll concede that the Internet wasn't nearly as ubiquitous as it is today, and there was still a significant minority of machine-machine connections that were made with UUCP while a lot of email was sent using bang-path addressing. But I can recall universities in Finland, Japan, Australia and elsewhere coming online with always-on Internet connections through trans-oceanic cables.
While most of the BBS systems of the day (Compuserve, etc.) were only available at 2400 baud, they weren't part of the Internet. Just because the author was ignorant of the Internet in 1989 doesn't mean that it didn't exist.
ron
I ultimately just found myself overwhelmed with everything that was wrong and gave up listing problems. In retrospect, I even found problems in the single paragraph I addressed that I had overlooked, to say nothing of the rest of the article, but I had to get on with my life at some point.
Between the two of us, we could probably write a short book about the problems with this article, but I'm not sure there's a point. While I haven't read it, I'm sure The Cuckoo's Egg already sets that record much straighter than this article suggests.
Was a very good read, particularly for its day. I was involved with a military R&D center at the time and was sys admin for about four local systems. It was enlightening at the time to realize how vulnerable many allegedly "secure" systems were. This was particularly true if the mainframe was, for example, a Digital Equipment Corp (DEC) computer. The contractor techs routinely left the system's "back door" access set to "Field" and "Service" respectively for the username and password! By the way, Stoll pointed this out in his book.
While the story is "old," the one point this article makes, although poorly, is that much of the same thing is going on today - multiplied many times over.
For those of you who haven't read it, The Cuckoo's Egg is, at the very least, an excellent detective story. At best, it can be an eye-opener even today.