The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 30

Monday 2 October 1989

Contents

o The Cuckoo's Egg
Cliff Stoll
o Internet cracker on the loose
Barry Lustig
o Late night system administration == trouble on SunOS 4.x
Angela Marie Thomas
o Date manipulation and end of millennia
Pete Lucas
o Re: An interesting answer to the distributed time problem
Randall Davis
o Re: Man-Machine Failure at 1989 World Rowing Championships
Randall Davis
o Info on RISKS (comp.risks)

The Cuckoo's Egg

Cliff Stoll <cliff%cfa253@harvard.harvard.edu>
Sat, 30 Sep 89 23:59:05 edt
  The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage,
  by Cliff Stoll, Doubleday, 1989, ISBN 0-385-24946-2              $19.95

Book Review by Louise Bernikow, Cosmopolitan, Oct. 1989

Here's a first -- the true story of a man who notices a seventy-five cent
discrepancy in a computer's accounting system and runs the error down until it
leads to a real live spy ring.  Even if you don't know a byte from a bagel,
this book will grip you on page one and hold you as ferociously as the best
mystery stories.

It is astrophysicist-turned-systems-manager Cliff Stoll's first week on the job
at a lab in Berkeley, California.  The error turns up, and he tries to figure
out why, partly as an exercise in learning about the computer system he's going
to be working with.  Almost immediately, he discovers that somebody had been
breaking into the computer network using a fake password.  That discovery leads
him to other break-ins in other computers, including some in military
installations.  He alerts the FBI, which, since he has lost neither half a
million dollars nor any classified information, says, "Go away, kid."

Stoll presses on, sleeping under his desk at night, monitoring the system -- a
hound waiting for the fox to come out in the open.  There is suspense aplenty,
but it's the intensely human, often funny voice of the man on the trail that
makes this book so wonderful.  Stoll's girlfriend, Martha, a law student, seems
like one smart and delightful cookie, and she puts up with his obsession pretty
well.  In the end, Stoll becomes a national hero.  The play-by-play is nothing
short of fascinating.


Internet cracker on the loose

<barry@ads.com>
Mon, 02 Oct 89 14:52:08 PST
There is a cracker on the loose in the internet.  This is the information
I have so far.  Traces of the cracker were found at the Institute for
Advanced Studies in Princeton.  He also left traces at one of the Super
computer centers.  Both CERT and the FBI have been called.

The technique that is being used is as follows:

1) He has a modified telnet that tries a list of passwords on accounts.  Username
   forwards and backwards, username + pw, etc.

2) He seems to have a program called "ret", that is breaking into root.

3) He seems to be getting a list of victim machines via people's
   .rhosts files.

4) He copies password files to the machines that he is currently
   working from.

5) He is good about cleaning up after himself.  He zeros out log files
   and other traces of himself.

6) The breakins are occurring between 10pm Sunday night and 8am Monday
   morning.

7) He seems to bring along a text file of security holes to the
   machines he breaks into.

8) Backtracing the network connections seems to point to the Boston
   area as a base of operations.

The sys admin at IAS found a directory with the name "..  " (dot dot
space space).  The files I mentioned above were found in this
directory.

Barry Lustig, Advanced Decision Systems  barry@ads.com  (415) 960-7300
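
An added example, not part of the post above or of the digest: a host sweep for three of the traces the post lists, namely a directory named only with dots and spaces (such as "..  "), .rhosts trust entries, and log files that have been zeroed. The function names, the sample tree and the log paths are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directory names made only of dots and whitespace, such as "..  ".
# os.walk never yields the real "." and "..", so any match is a planted name.
DOTS_AND_SPACE = re.compile(r"[.\s]+")


def sweep(root, expected_nonempty_logs=()):
    """Return sorted (kind, path, detail) findings for the traces in the post."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if DOTS_AND_SPACE.fullmatch(name):
                findings.append(("deceptive-dir", os.path.join(dirpath, name), repr(name)))
        if ".rhosts" in filenames:
            path = os.path.join(dirpath, ".rhosts")
            with open(path, errors="replace") as fh:
                for line in fh:
                    fields = line.split()
                    if not fields:
                        continue
                    # First field is the trusted host; "+" trusts every host.
                    kind = "rhosts-wildcard" if fields[0] == "+" else "rhosts-trust"
                    findings.append((kind, path, fields[0]))
    for log in expected_nonempty_logs:
        # A log that should have entries but is 0 bytes may have been zeroed.
        if os.path.isfile(log) and os.path.getsize(log) == 0:
            findings.append(("empty-log", log, "0 bytes"))
    return sorted(findings)


def build_sample(root):
    """Create a constructed test tree; returns the log paths to check."""
    os.makedirs(os.path.join(root, "home", "alice", "..  "))
    os.makedirs(os.path.join(root, "home", "bob", ".config"))
    with open(os.path.join(root, "home", "alice", ".rhosts"), "w") as fh:
        fh.write("hostA.example alice\n+ +\n\n")
    os.makedirs(os.path.join(root, "adm"))
    logs = [os.path.join(root, "adm", n) for n in ("wtmp", "messages")]
    open(logs[0], "w").close()                      # constructed zeroed log
    with open(logs[1], "w") as fh:
        fh.write("constructed log line\n")          # constructed healthy log
    return logs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in sweep(tmp, build_sample(tmp)):
            print(*finding, sep="\t")
```

The repr() in the detail column makes trailing spaces visible, which a plain directory listing does not.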


Late night system administration == trouble on SunOS 4.x

Angela Marie Thomas <thomas@shire.cs.psu.edu>
Sat, 30 Sep 89 01:33:31 EDT
It's another late night of system administration.  Tonight the task is
time consuming, but relatively simple:  Repartition the disks on a
Sun4/280 running 4.0.3 to distribute the load to a new disk.  No big deal.

I partitioned the new disk and dump|restore'd most of the stuff from
the old disk onto it and rebooted off of the new disk.  I then
proceeded to repartition and newfs the old disk.  No problems so far.

I was about to dump|restore /usr from the new disk back to the old disk
(yes, / and /usr are on two different disks) so I mounted xy0g onto
/mnt.  At least, that's what I *intended* to do.  My fingers typed
"mount /dev/xy0a /usr" instead.  OOPS!  Well, no real harm done.  I'll
just pop over to /sbin and umount the device.  WRONG!  It seems that
/sbin has enough programs in it to get you into trouble, but not enough
to get you out of it.  No dump, no restore, no umount.  I couldn't even
sync;sync;halt the system.  Oh, mount is there.  I could mount more
newly newfs'd filesystems onto /usr until my face turned blue.  I can't
believe it.  It was as if I had just stumbled into a cul-de-sac.  The
only damage done was to me, not the machine.  Sigh.

Sun, if you're listening, please, please, please put statically linked
umount, dump, restore, sync and halt in /sbin.  Nine times out of ten,
those are the programs I want when I *need* /sbin.

Angela Thomas                   NSFNET: thomas@shire.cs.psu.edu


Date manipulation and end of millennia

"Pete Lucas, NERC-TLC Swindon U.K." <PJML@ibma.nerc-wallingford.ac.uk>
Thu, 28 Sep 89 15:51:09 BST
Date processing; anyone interested in digging out some definitive works should
try the following:

Ohms B.G (1986) 'Computer processing of dates outside the twentieth century'
IBM systems journal vol 25 no. 2

Uspensky J.V. and Heaslet M.A. (1939) 'Elementary Number Theory'. McGraw-Hill

Whitrow G.J. (1988) 'Time in History'     Oxford University Press, Oxford U.K.

Much of the relevant work in Whitrow (1988) is based on the works of
the French astronomer Jean-Baptiste Delambre (1749-1822).

Anybody who is interested, I have robust examples of routines for the
manipulation of dates, and examples of routines (written in REXX
but easily translated to FORTRAN if you so desire).
It has been suggested that if the year is divisible by 4000 then it
should NOT be considered a leap-year.  Anyone writing code that's likely
to be around 2000 years hence???
                                                            >-=Pete=-<


Re: An interesting answer to the distributed time problem (RISKS-9.26)

Randall Davis <davis@ai.mit.edu>
Thu, 21 Sep 89 20:27:33 edt
> Take any of the thousands of closed circuit TVs in the
                  *******************************
> hospital and set it to channel 6 and you get a picture of a clock.
> Somewhere there is a TV camera pointed at a good old sweep-secondhand
> analog clock, and that's what you see on
> channel 6.  Sometimes low-tech solutions are the best.

Thousands of TVs?  An expensive television camera doing nothing but sitting
there focused on a clock?  All those cables, monitors, all that power,
bandwidth to burn on the network, etc.?

And you call this a **low tech** solution because the clock is analog?  Egad.
Perspectives have been rather skewed.

(Low tech would be a human being walking around with a chronometer re-setting
all those clocks by hand.)


Re: Man-Machine Failure at 1989 World Rowing Championships (RISKS-9.26)

Randall Davis <davis@ai.mit.edu>
Thu Sep 21 21:29:32 1989
     On the other hand, I am surprised that in a sport so close to being
     natural (apart from computer designed shells) a computer would be
     permitted on-board.

A ``natural'' sport?  With exotic materials used in the fixtures and in some
oars, tanks designed as artificial rivers to row in during the winter,
nautilus machines for strength training, attention to nutrition, etc., etc....
Sports haven't been ``natural'' since the Greeks ran the Olympics in the buff.

     Technology knows no bounds!  PGN]

Indeed, much like imagination.

  [I think no sports are natural anymore.  The use of computers in baseball
  is startling.  Basketball may be fairly natural.  However, with all the
  steroids, drugs, etc., however, one is never sure what is going on.  PGN]
