RE: [Off-topic] Mud Machine hacked

From: Gary Barnett (gbarnett@polarnet.com)
Date: 02/25/97


----------
From:  Mehdi Keddache [SMTP:mk454@columbia.edu]

>The computer was hacked...
>Now I am not a system guru but I what I see is that unless there is
>another way that I am clueless about, when you access a computer through
>telnet you are asked a login and a password. According to some theory that
>I read somewhere if your password is long enough and unrelated to your
>public activities (not mickeymouse for the disney site root login) there
>is only one chance in some trillion that one can find the password and it
>would take them 10 times that amount of minutes to type in all the
>passwords even with a good computer.

The password was not compromised. A login exploit was used due to an incorrectly configured ftp daemon.
I had a cron job running every minute to look for invalid logins. It did it's job.. unfortunately not before the
Intruder managed to delete several critical directories. I'm thinking they did an RM -R * and it kicked them
Out before they got to all the dirs.  If you are running a variant of UNIX there are ways in. Subscribe to the
Various security mailing lists.. and then religiously apply the patches the moment they are available. Also don't run old versions of Linux. They are as full of holes as swiss cheese.

Many exploits exist to get a copy of the /etc/passwd file. Even as you say it'd take you 10 times x amount of minutes to crack the password, a computer can type much faster than you :) .. in fact the crack program does
A good job of getting passwords. An example of a hard to crack password (the one I used to use) is: 
L101879c   -- it appears in no dictionary .. the first test of a good password. 

Also get a copy of a program called tripwire.. Assuming they leave you with a filesystem you'll be able to figure
Out what was changed.. and thereby figure out how they got in.

>My questions are:
>Is being hacked a concern? Does it happen? Is it the result of poor site
>security or are there really people out there that can make my computer
>believe that they are me when they are not? In other words, do hackers
>really exist or are they just an internet rumor?

They are most assuredly not a rumor. Most (all?) systems have vulnerabilities. There are quite a few people out there that get their kicks out of trashing systems. Especially if the sysadmins pissed them off (rightly or wrongly)
Some also just want to get in and look around.. Others get in to steal stuff. I experienced a typical denial of service attack.. they trashed the machine and left.

>***** If so can you change my grades on the University computer? *****

Only if you want to spend time wearing a uniform and living in a cell courtesy of the government.

--Mallory




+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
|    Or send 'info circle' to majordomo@cspo.queensu.ca     |
+-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/18/00 PST