****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 1, Issue #1.07 (May 5, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer
REPLY TO: TK0JUT2@NIU.bitnet
FTP SITE: RJKRAUSE@SUNRISE.bitnet
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------
***************************************************************
*** Computer Underground Digest Issue #1.07 / File 4 of 6 ***
***************************************************************
Date: Thu, 26 Apr 90 11:44:41 EDT
From: Karl Smith <ksmith@ANDREW.dnet.ge.com>
Subject: article forwarded from alt.security
To: TK0JUT2%NIU.BITNET@uicvm.uic.edu
[This is from alt.security. Since it was publicly posted, you should
be able to reprint it, but you might want to contact the author first.
I saw this and thought you might be interested. ]
%Eds. Note: We attempted to contact the author and the digest on
which it was originally printed and rec'd no reply. Because it
was a public message, and because of its interest value, we
reprint it here%.
------------------------------------------------------------------
Article 105 of 113, Sun 02:47.
Subject: Re: Alt.security discussion (long)
From: jbass (John Bass, temporary account)
Newsgroups: alt.security
Date: 22 Apr 90 09:47:55 GMT
Sender: news@sco.COM

I too have to lend support for leaving this group an open widely distributed
forum. I have been on both sides of the fence over the last 21 years ...
both managing and cracking systems.

During 1970 to 1973 I was too bright, too interested in systems
programming, and too often in the wrong place at the wrong time. I was
continuously accused of attempting to breach facility security by three
separate college data center staffs. I was harassed, denied access to
facilities, watched like a criminal, and lived under restrictions not
placed on other students simply because of a FEAR that I knew too much
about operating systems. I did complex 360 DOS RJE sysgens and ported major
sections of OS ECAP back to DOS while other students wrote "hello world"
fortran and basic programs. I dreamed BAL, DOS, and OS/MVT.

Finally I had enough, and with several instructors' support, I started
finding out how to do the things I was being accused of. Within a few
months I not only identified the underground hackers that were causing the
problems, but also helped create the fixes that shut them out. In the sport
of this, we protected the identity of the underground groups at CalPoly
Pomona and Sacramento and continued to play the game for a year and a half.

I cracked the security of the system in a few weeks simply by knowing it
could be done (having been already accused of such). Most of the things we
did were directly in response to the negative direction provided. The
system was a nationwide timesharing service (CTS/ITS) based on the XDS940
rel 3 OS converted to run on CDC 3100's and 3300's. The system was based on
a similar model as UNIX with supposedly VERY TIGHT SECURITY. We broke that
security right down to intercepting interrupt vectors and inserting private
kernel code and maintained a level of penetration for 18 months while
providing the facility staff source level fixes from the disassemblies of
the raw binary.

Early in the assault we were aided by the DEBUGGING aids left by the
systems staff ... a user level command to dump/patch the kernel address
space! We also found doing a particular type of memory allocate gave you
the first available DIRTY memory pages ... allowing some very interesting
statistical analysis to recreate a complete runtime binary image of nearly
every process's text and data space, including kernel temporary buffers for
terminal I/O and File I/O (a great hunting land for passwords and other
trivia!). I also wrote a program to attempt all possible system calls with
widely varied arguments ... stumbling upon the fact that the haltsys system
call could be executed in user mode and various peripheral ioctl's as well
(taking offline printers and disks).

As we found new ways to break the security, we would pass the old ways on to
the facility staff ... keeping the window open for us and closing it for
others. (I greatly appreciate the insights to what could be done to the
system during my visit Easter break 1973 provided by Steve Mayfield and
Gary Philips of CalPoly Pomona, as well as the XDS 960 sources and PLM's
they later provided!) (I suppose I should also thank Alan and the gang at
CalState Sacramento for discovering you could link an operators console,
thus stealing all operations passwords and the resulting havoc and concern
they caused, which I was then accused of). (Hmm I suppose I should also
thank Bob Oberwager(SP?) and the staff at CalState Northridge, which
managed the CalState version of the system, for being such panic stricken
mindless idiots to have blamed me for the many things I hadn't done during
fall 72 and winter 73 ... and then continuing to blame me instead of the
underground groups! Without their quick guidance I would have missed many
of the things the other groups were up to!!!)

The systems staff was outraged because NOBODY had the source except them.
Armed with the original XDS source, we were able to disassemble the 3300
port back to source code in about a man year. We did most of our work on
other systems to prevent the sysops from spying. Many thousands of feet of
paper tape was punched at 110 baud on an ASR33 teletype, converted to a 9
track tape on a Varian, and disassembled late at night on one of several
360 sites.

Much of the SECURITY of the system was the supposed lack of internal
documentation, which we recreated in better detail than the internal staff
had.

UNIX is a completely different beast ... nearly every major hacker has
partial source of some version along the way ... the university environment
has been too lax in protecting the source base.

It is impossible to hide one's head in the sand with such widely held source
access ... even without sources, disassembly is an easy method to recreate
sources, particularly with other source versions around as a model.

Instead of bitching about this forum, more attention should be paid to the
gamesmanship that is played out between bad hackers and their victims.
These energies need to be recognized and redirected where possible to
supervised positive pursuits. The ethics and liabilities need to be
discussed at length with proper reprimands for those who step over the
line. Management FEAR must be replaced with INFORMED action to stop this
deadly game.

Even good kids can crack when subject to long term negative pressure. I
stayed above ground from 1970 through 1975, in the face of threats of
expulsion and legal reprisals, with the support of some understanding
faculty. The long term strain and anger from this, combined with some
severely bad personal times, led to a lash out against ITS in 1975,
resulting in an ethics breach I am not proud of ... and some lessons
learned.

There need to be more MIT & Berkeley style open student managed systems for
undergraduates ... giving our future sysops and system programmers a
breeding ground to develop in. This really applies at BOTH college and High
School level.

There is NOTHING MAGIC OR SPECIAL about computer data ... it is JUST LIKE
its paper counterpart. Everyone should be made to un