RISKS-LIST: RISKS-FORUM Digest Monday 2 October 1989 Volume 9 : Issue 30 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: *** APOLOGIES FOR CONTINUED MULTIPLE-COPY PROBLEMS. SENDMAIL FIXES *** *** IN THE WORKS. HACK ATTEMPTED TO BYPASS IT THIS TIME. PGN *** The Cuckoo's Egg (Cliff Stoll) Internet cracker on the loose (Barry Lustig) Late night system administration == trouble on SunOS 4.x (Angela Marie Thomas) Date manipulation and end of millennia (Pete Lucas) Re: An interesting answer to the distributed time problem (Randall Davis) Re: Man-Machine Failure at 1989 World Rowing Championships (Randall Davis) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW cd sys$user2:[risks]get risks-i.j . Vol summaries now in risks-i.0 (j=0) ---------------------------------------------------------------------- Date: Sat, 30 Sep 89 23:59:05 edt From: cliff%cfa253@harvard.harvard.edu (Cliff Stoll) Subject: The Cuckoo's Egg The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, by Cliff Stoll, Doubleday, 1989, ISBN 0-385-24946-2 $19.95 Book Review by Louise Bernikow, Cosmopolitan, Oct. 1989 Here's a first -- the true story of a man who notices a seventy-five cent discrepancy in a computer's accounting system and runs the error down until it leads to a real live spy ring. Even if you don't know a byte from a bagel, this book will grip you on page one and hold you as ferociously as the best mystery stories. It is astrophysicist-turned-systems-manager Cliff Stoll's first week on the job at a lab in Berkeley, California. The error turns up, and he tries to figure out why, partly as an exercise in learning about the computer system he's going to be working with. Almost immediately, he discovers that somebody had been breaking into the computer network using a fake password. That discovery leads him to other break-ins in other computers, including some in military installations. He alerts the FBI, which, since he has lost neither half a million dollars nor any classified information, says, "Go away, kid." Stoll presses on, sleeping under his desk at night, monitoring the system -- a hound waiting for the fox to come out in the open. There is suspense aplenty, but it's the intensely human, often funny voice of the man on the trail that makes this book so wonderful. Stoll's girlfriend, Martha, a law student, seems like one smart and delightful cookie, and she puts up with his obsession pretty well. In the end, Stoll becomes a national hero. The play-by-play is nothing short of fascinating. ------------------------------ Date: Mon, 02 Oct 89 14:52:08 PST From: barry@ads.com Subject: Internet cracker on the loose There is a cracker on the loose in the internet. This is the information I have so far. Traces of the cracker were found at the Institute for Advanced Studies in Princeton. He also left traces at one of the Super computer centers. Both CERT and the FBI have been called. The technique that is being used is as follows: 1) He has a modified telnet that tries a list passwords on accounts. Username forwards and backwards, username + pw, etc. 2) He seems to have a program call "ret", that is breaking into root. 3) He seems to be getting a list of victim machines via people's .rhosts files. 4) He copies password files to the machines that he is currently working from. 5) He is good about cleaning up after himself. He zeros out log files and other traces of himself. 6) The breakins are occurring bwtween 10pm Sunday night and 8am Monday morning. 7) He seems to bring along a text file of security holes to the machines he breaks into. 8) Backtracing the network connections seem to point to the Boston area as a base of operations. The sys admin at IAS found a directory with the name ".. " (dot dot space space). The files I mentioned above were found in this directory. Barry Lustig, Advanced Decision Systems barry@ads.com (415) 960-7300 ------------------------------ Date: Sat, 30 Sep 89 01:33:31 EDT From: Angela Marie Thomas Subject: Late night system administration == trouble on SunOS 4.x It's another late night of system administration. Tonight the task is time consuming, but relatively simple: Repartition the disks on a Sun4/280 running 4.0.3 to distribute the load to a new disk. No big deal. I partitioned the new disk and dump|restore'd most of the stuff from the old disk onto it and rebooted off of the new disk. I then proceeded to repartition and newfs the old disk. No problems so far. I was about to dump|restore /usr from the new disk back to the old disk (yes, / and /usr are on two different disks) so I mounted xy0g onto /mnt. At least, that's what I *intended* to do. My fingers typed "mount /dev/xy0a /usr" instead. OOPS! Well, no real harm done. I'll just pop over to /sbin and umount the device. WRONG! It seems that /sbin has enough programs in it to get you into trouble, but not enough to get you out of it. No dump, no restore, no umount. I couldn't even sync;sync;halt the system. Oh, mount is there. I could mount more newly newfs'd filesystems onto /usr until my face turned blue. I can't believe it. It was as if I had just stumbled into a cul-de-sac. The only damage done was to me, not the machine. Sigh. Sun, if you're listening, please, please, please put statically linked umount, dump, restore, sync and halt in /sbin. Nine times out of ten, those are the programs I want when I *need* /sbin. Angela Thomas NSFNET: thomas@shire.cs.psu.edu ------------------------------ Date: Thu, 28 Sep 89 15:51:09 BST From: "Pete Lucas, NERC-TLC Swindon U.K." Subject: Date manipulation and end of millennia Date processing; anyone interested in digging out some definitive works should try the following: Ohms B.G (1986) 'Computer processing of dates outside the twentieth century' IBM systems journal vol 25 no. 2 Uspensky J.V. and Heaslet M.A. (1939) 'Elementary Number Theory'. Mcgraw-Hill Whitrow G.J. (1988) 'Time in History' Oxford University Press, Oxford U.K. Much of the relevant work in Whitrow (1988) is based on the works of the French astronomer Jean-Baptiste Delambre (1749-1822). Anybody who is interested, I have robust examples of routines for the manipulation of dates, and examples of routines (written in REXX but easily translated to FORTRAN if you so desire). It has been suggested that if the year is divisible by 4000 then it should NOT be considered a leap-year. Anyone writing code thats likley to be around 2000 years hence??? >-=Pete=-< ------------------------------ Date: Thu, 21 Sep 89 20:27:33 edt From: davis@ai.mit.edu (Randall Davis) Subject: Re: An interesting answer to the distributed time problem (RISKS-9.26) > Take any of the thousands of closed circuit TVs in the ******************************* > hospital and set it to channel 6 and you get a picture of a clock. > Somewhere there is a TV camera pointed at a good old sweep-secondhand > analog clock, and that's what you see on > channel 6. Sometimes low-tech solutions are the best. Thousands of TVs? An expensive television camera doing nothing but sitting there focused on a clock? All those cables, monitors, all that power, bandwidth to burn on the network, etc.? And you call this a **low tech** solution because the clock is analog? Egad. Perspectives have been rather skewed. (Low tech would be a human being walking around with a chronometer re-setting all those clocks by hand.) ------------------------------ Date: Thu Sep 21 21:29:32 1989 From: davis@ai.mit.edu (Randall Davis) Subject: Re: Man-Machine Failure at 1989 World Rowing Championships (RISKS-9.26) On the other hand, I am surprised that in a sport so close to being natural (apart from computer designed shells) a computer would be permitted on-board. A ``natural'' sport? With exotic materials used in the fixtures and in some oars, tanks designed as artificial rivers to row in during the winter, nautilus machines for strength training, attention to nutrition, etc., etc.... Sports haven't been ``natural'' since the Greeks ran the Olympics in the buff. Technology knows no bounds! PGN] Indeed, much like imagination. [I think no sports are natural anymore. The use of computers in baseball is startling. Basketball may be fairly natural. However, with all the steroids, drugs, etc., however, one is never sure what is going on. PGN] ------------------------------ End of RISKS-FORUM Digest 9.30 ************************