Copy Link
Add to Bookmark
Report
Fucked Up College Kids File 291
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= F.U.C.K. - Fucked Up College Kids - Born Jan. 24th, 1993 - F.U.C.K. =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Security is Obscure
~~~~~~~~~~~~~~~~~~~
"Obscure (adj.): [...] 4. Not famous or well-known. 5. Difficult to
understand." -- _The American Heritage Dictionary_, 2nd ed., 1983.
Okay, so it's an old dictionary. But the meaning of the word "obscure"
really hasn't changed much in the last decade.
I wanted to write this file as a word of encouragement to beginning
hackers who think everything has already been done and security
everywhere is tighter than the pope's ass (but not the alterboy's, ha
ha). I intend to illustrate the base ignorance of many system
administrators who know less about unix than the average hobo does.
Security is obscure in the sense of the first meaning I quoted; most
*.edu systems have admins who haven't got the slightest clue as to how
they can secure their system, as well as letting their users (recall that
the weakest link in any "secure" system is usually the people who use it)
choose poor passwords. Thus, if Joe Admin sets up a system and restricts
access to dial-up and computer labs, Joe Hacker will still be able to get
in using Joe User's password ("sex") and a modem.
One case I wanted to mention specifically in this file happened over the
course of the past few weeks. I requested and received a copy of an
unnamed school's passwd file from an unnamed source (you know who you
are. Thanks again!) after he told me that it was unshadowed and
world readable. I ran jack on it using a few wordlists before I
found out that the passwd binary forced users to use non-dictionary
passwords. Then, because I was bored and needed to brush up on my C
knowledge (very little, actually), I whipped up a program to output all
possible 8-character printable password combinations. After some quick
calculations, I discovered that I would need at least 6,500 9-gig Seagate
drives and several decades to store all the combinations and use them
with jack. Discouraged, I dropped the matter for a while.
Then a co-worker asked me to step her through the "reading email"
process on her account, which happened to be on the system in question. An
account she had never used. One with the default password still in place.
I helped her log in and incidentally discovered that default student
passwords on this particular system were the first 8 digits of the
social security number. I also found that the .login script *didn't
force first-time users to change their password*! I guided her through
the "changing your password" stage and was astounded to find that this
poor-security system forced users to use non-dictionary passwords but
wasn't set up to force an initial password change.
I let it sit for about a week before I got around to modifying my
program to output combinations of 8-digit numeric combinations. After
further trimming it down to output only the combinations beginning with
521, 522, 523, 524, and 525 (CO-issued SSNs) (the "full" output would
take about 110 megs), I had a 5-meg wordlist file that has netted me
over 60 accounts from this system. These accounts were snagged over a
total period of about 10 hours or so, and I used my very limited SSN
list. Imagine how many I would have if I used the "full" SSN output and
gave jack a few weeks.
The second definition of "obscurity" that I quoted does not seem to
apply at first; most people who work with computers have some
understanding of security, and admins should be especially aware of
security issues. Yet I have found and continue to find just the opposite,
nearly every day. This is why you should use PGP and SSH; why should you
trust your admin to secure his system? If you have faith in his sysadmin
skills but I have reason to believe otherwise, then you'll be the one
who loses when I start hanging out in your home directory.
As an addendum to this file, I'm including "Things overheard while scanning
cell frequencies". I started it as a separate file, but I don't have nearly
enough:
"Oh shit, I just ran a red light."
"People can listen to cellular conversations with one of them hand-held
walkie-talkies."
-Legion
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Questions, Comments, Bitches, Ideas, Rants, Death Threats, Submissions =
= Mail: jericho@dimensional.com (Mail is welcomed) =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= To receive new issues through mail, mail jericho@dimensional.com with =
= "subscribe fuck". If you do not have FTP access and would like back =
= issues, send a list of any missing issues and they will be mailed. =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Files through AnonFTP FTP.DIMENSIONAL.COM/users/jericho/FUCK =
= FTP.SEKURITY.ORG/pub/zines/fucked.up.college.kids =
= FTP.PRISM.NET/pub/users/mercuri/zines/fuck =
= FTP.WINTERNET.COM/users/craigb/fuck =
= FTP.GIGA.OR.AT/pub/hackers/zines/FUCK =
= ETEXT.ARCHIVE.UMICH.EDU/pub/Zines/FUCK =
= Files through WWW: http://www.dimensional.com/~jericho =
= http://www.prism.net/zineworld/fuck/ =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= (c) Copyright. All files copyright by the original author. =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=