From: dethbug@deth.ciris.net (Dethbug) Newsgroups: alt.hackers Subject: the little guy's security Date: 15 Jan 1998 06:14:17 GMT Organization: Messy Lines: 29 Approved: root@blackhole.com Message-ID: Reply-To: dethbug@ciris.net NNTP-Posting-Host: p-317.newsdawg.com X-Newsreader: slrn (0.9.4.3 UNIX) Path: ccw.ch!aetna.dolphins.ch!news.planetc.com!news-xfer.siscom.net!204.186.0.13.MISMATCH!ptdnetP!newsgate.ptd.net!peerfeed.ncal.verio.net!newshub1.home.com!news.home.com!zdc!szdc!super.zippo.com!newsp.zippo.com!dethbug I was having a conversation with a co-worker today about the security of a company Linux box. He remarked that he would use only Kerberos style authentication for stuff like rlogin and rsh, so anyone sniffing would have a little harder time. I wondered how he thought anyone would sniff on a machine to which they did not have access (humor me and assume the system was entirely inpenetrable). He looked a bit supprised and said something about the "higher-ups" in Arpa pretty much having free reign over the Internet (I'm assuming he means people with access to the major SONET nets). So how likely is it that someone like this can unlock any machine they want? Kinda spooky. *FirstObHack* I am fully prepared to be flamed for this one. Anyway, I take courses through my high school that count for credit, both on campus and for college hours. So I had to register with a community college in my area. Now, I am only 17, but with this registration I received a valid college ID. And, oh, how trusting people are that any college student MUST be at least 18 years old! :) PS - Quit posting to this channel and saying crap like, "Wow, it's easy to post in this channel! Really, all you newbies, it's not that hard. All you have to do is...oh I've said too much." I don't think you realize how dorky it is. (Pardon the digression to such a third-grade mentality.) -- choices always were a problem for you what you need is someone strong to guide you deaf and blind and dumb and born to follow what you need is someone strong to use you like me [ Tool ] [ dethbug@ciris.net ] ###### From: ---nospam---mrjones@mindspring.com (Mark Haase) Newsgroups: alt.hackers Subject: Re: the little guy's security Date: Thu, 15 Jan 1998 13:56:42 -0500 Organization: WEBeam Lines: 51 Approved: yes Message-ID: <---nospam---mrjones-1501981356430001@user-37kbnp8.dialup.mindspring.com> References: NNTP-Posting-Host: user-37kbnp8.dialup.mindspring.com X-Server-Date: 15 Jan 1998 18:54:14 GMT X-Newsreader: MT-NewsWatcher 2.3.5 Path: ccw.ch!aetna.dolphins.ch!news.planetc.com!atl-news-feed1.bbnplanet.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!news.mindspring.com!---nospam---mrjones Sorry if I offended you. You are obviously pretty cool because you are taking college classes in high school and are a computer nerd. My bad. The point was: anybody who has read the FAQ might think that only a talented hacker or cracker can post to this group. Actually, the FAQ is misleading.. In addition, I have the only person that I know of that has posted something like that, so don't criticize the whole group. In article , dethbug@ciris.net wrote: > I was having a conversation with a co-worker today about the security of > a company Linux box. He remarked that he would use only Kerberos style > authentication for stuff like rlogin and rsh, so anyone sniffing would have > a little harder time. I wondered how he thought anyone would sniff on a > machine to which they did not have access (humor me and assume the system > was entirely inpenetrable). He looked a bit supprised and said something > about the "higher-ups" in Arpa pretty much having free reign over the > Internet (I'm assuming he means people with access to the major SONET nets). > So how likely is it that someone like this can unlock any machine they want? > Kinda spooky. > > *FirstObHack* > I am fully prepared to be flamed for this one. Anyway, I take courses through > my high school that count for credit, both on campus and for college hours. So > I had to register with a community college in my area. Now, I am only 17, but > with this registration I received a valid college ID. And, oh, how trusting > people are that any college student MUST be at least 18 years old! :) > > PS - Quit posting to this channel and saying crap like, "Wow, it's easy to > post in this channel! Really, all you newbies, it's not that hard. All > you have to do is...oh I've said too much." I don't think you realize > how dorky it is. (Pardon the digression to such a third-grade mentality.) > > -- > choices always were a problem for you > what you need is someone strong to guide you > deaf and blind and dumb and born to follow > what you need is someone strong to use you > like me [ Tool ] [ dethbug@ciris.net ] +--------------------------------------\ | Mark Haase \ +---------------------------------------/ | WEBeam >------>------> / | mrjones@mindspring.com \ | markhaase@mindspring.com \ | mhaase@pace.atl.ga.us / | / | /\ /\ /\ /\ /\ /\ / |/ \ / \ / \ / \ / \ / \ / | \/ \/ \/ \/ \/ \/ ###### Path: ccw.ch!usenet From: Neil.Franklin.remove.this@ccw.ch Newsgroups: alt.hackers Subject: Re: the little guy's security Date: 17 Jan 1998 04:07:15 +0100 Organization: My own Private Self Lines: 50 Approved: me@by.my.self Message-ID: Refeences: X-Newsreader: Gnus v5.3/Emacs 19.34 dethbug@deth.ciris.net (Dethbug) wrote: >He remarked that he would use only Kerberos style >authentication for stuff like rlogin and rsh Or use ssh. It is encrypted with IDEA and authentificated with RSA (= safe). ANd it needs no clunky ticket servers, just a few key files (like PGP keys), sec-key on client, pub-key on server. >about the "higher-ups" in Arpa pretty much having free reign over the >Internet (I'm assuming he means people with access to the major SONET nets). >So how likely is it that someone like this can unlock any machine they want? >Kinda spooky. They can't. No more (or less) than anyone else can. Intrusion requires sending the right packets to trick a server to respond "desirably". It is a question of knowing what bugs are there to exploit. That doesn't require bandwidth, any 9600 modem will do. A fast line (such as SONET) only gives you more room to send packets. That only affects some primitive denial-of-service attacks. ObHack It is after midnight, on the way home today (it is now 03.55am). No usable clock in the car (not set since changing the car battery). The driver asks me what time it is. I try to use my watch and see nothing (it is pitch black outside and I have an analog watch with no light in it (I am fully retro, you see)). I can't use a torch because the reflections from the screen would distract the driver (we are doing 80mph). So where do I get light from? I remember that when we were overtaken, the lights of the other cars made reading it possible, but there is no car behind us:-) But there is one in front, so my next sentance: Overtake him, I need light for my watch! It was 01.05am And yes, the trick to post _is_ easy. -- Neil.Franklin.remove.this@ccw.ch, http://www.ccw.ch/Neil.Franklin/ for Geek Code, Papernet, Voicenet, PGP public key see http: Mac, 95 and NT users are CLUEless (Command Line User Environment) If I go missing, its once again my newsfeed that has craped