Article 32958 of alt.security:
Path: nntpd.lkg.dec.com!crl.dec.com!crl.dec.com!bloom-beacon.mit.edu!newsfeed.internetmci.com!howland.reston.ans.net!news1.digex.net!news3.digex.net!digex.net!not-for-mail
From: dunk@access1.digex.net (Dunk Moore)
Newsgroups: alt.security,talk.politics,talk.politics.crypto
Subject: Re: Hacker Sticks University
Date: 10 Dec 1995 21:15:48 -0500
Organization: Hi.
Lines: 51
Message-ID: <4ag48k$drp@access1.digex.net>
References: <4af9ig$741@news.us.net>
NNTP-Posting-Host: access1.digex.net
Xref: nntpd.lkg.dec.com alt.security:32958 talk.politics.crypto:14210

In article <4af9ig$741@news.us.net>, Charles R. Smith wrote:
>In an article published in the Richmond Times-Dispatch, on Sat. Dec,
>9th, 1995, Wes Allison - TD reporter wrote - TEENAGE VISITOR BREAKS
>INTO COLLEGE COMPUTER. A 16 year old visitor to Eastern Mennonite
>University used the password of a friend and hacker software from a
>BBS to crack into the Novell Network which contained confidential
>student and faculty information. Included in his hack were items like
>grades, answers to the upcoming finals for all classes, private mail
>and faculty documents.
>
>The danger of a terrorist hacking into a computer with medical,
>genetic or biological information is very real. The data at any
>hospital or university could provide deadly information. The answer
>to this problem is a good combination of firewalls, encryption and
>human security. The real issue for those of us in the DP industry is to
>change the laws and attitudes of those who oppose making such devices
>available to all of us. The dangers are not just in terms of liberty
>or democracy but of individual safety.
>

Sounds like they have an idiot admin. You don't even need a friend's
password.

Now, all you NetWare users out there:

1. Make sure you are running 4.x or 3.12. 3.11 and below are not
   acceptable.
2. Turn on packet sigs. Modify the server to DENY any request from
   workstations that aren't using Packet sig (it's RSA!)
   You need to upgrade all workstations to VLMs.
3. Require passwords for all users.
4. Set intruder detection to 5 invalids and 24 hour lock out.
5. Use fake normal sounding accounts to do admin work from.
6. RESTRICT ALL ACCESS TO ADMIN ACCOUNTS TO A PHYSICAL STATION
   ADDRESS THAT IS LOCKED AWAY.
7. Set up an account SYSOP with the password 'SYSOP'. Try to keep this
   user logged in. Set the login script to SEND you a message
   alerting you to a problem with the station address.

Walk down the hallway and yell "STOP! STACK OVERFLOW!". Watch the
faces turn white.

have fun.

dunk

ps: check out my ftp site ftp://ftp.access.digex.net/access/dunk for a
complete set of utilities for hacking a Novell site.
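
The account rules in items 4 to 7 above, replayed over a login log as an added example that is not part of the original post and is not NetWare's own mechanism. The account names other than SYSOP, the station addresses and the events are constructed; the failure counter clearing only on a good login is a simplifying assumption.

```python
from datetime import datetime, timedelta

MAX_INVALID = 5                  # item 4: invalid attempts before lockout
LOCKOUT = timedelta(hours=24)    # item 4: lockout length
DECOY = "SYSOP"                  # item 7: bait account with a guessable password
# Items 5 and 6: a normal-sounding admin account mapped to the one station
# address it may log in from (name and address constructed for this example).
ADMIN_STATION = {"PJONES": "00001B000001"}

def review(events):
    """events: (time, account, station, success) tuples. Returns alert tuples."""
    alerts, bad, locked_until = [], {}, {}
    for ts, acct, station, ok in sorted(events):
        # An account inside its lockout window is refused even with the right password.
        if ts < locked_until.get(acct, datetime.min):
            alerts.append(("LOCKED_OUT_ATTEMPT", acct, station))
            continue
        if not ok:
            bad[acct] = bad.get(acct, 0) + 1
            if bad[acct] >= MAX_INVALID:
                locked_until[acct] = ts + LOCKOUT
                bad[acct] = 0
                alerts.append(("LOCKOUT", acct, station))
            continue
        bad[acct] = 0  # assumption: a good login clears the failure counter
        if acct == DECOY:
            # Nobody legitimate uses the bait account; report where it came from.
            alerts.append(("DECOY_LOGIN", acct, station))
        if acct in ADMIN_STATION and station != ADMIN_STATION[acct]:
            alerts.append(("ADMIN_WRONG_STATION", acct, station))
    return alerts

def sample_events():
    """Constructed login log: one lab workstation and the locked-away admin station."""
    t0 = datetime(1995, 12, 10, 9, 0)
    lab, office = "0000C0A1B2C3", "00001B000001"
    ev = [(t0 + timedelta(minutes=i), "JSMITH", lab, False) for i in range(5)]
    ev += [
        (t0 + timedelta(hours=1), "JSMITH", lab, True),     # inside the lockout
        (t0 + timedelta(hours=2), "SYSOP", lab, True),      # bait taken
        (t0 + timedelta(hours=3), "PJONES", lab, True),     # admin, wrong station
        (t0 + timedelta(hours=4), "PJONES", office, True),  # admin, allowed station
        (t0 + timedelta(hours=25), "JSMITH", lab, True),    # lockout has expired
    ]
    return ev

if __name__ == "__main__":
    for alert in review(sample_events()):
        print(*alert)
```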