[PLUG] Hacking and Universities...

Elliott Mitchell ehem at m5p.com
Mon Nov 15 08:24:28 UTC 2004


>From: Matt Alexander <lowbassman at gmail.com>
> Usually it progresses in 3 phases.  The first phase is just access to
> the student's computer and the deletion of a few harmless files or
> other activities that make the system perform strangely (this may have
> happened to you already).  If the student still hasn't properly
> secured their computer then phase two is implemented.  Phase 2
> involves the installation of programs designed to make the use of the
> computer frustrating to use - constant popups, false virus warnings,
> random program crashes, etc.  Phase 2 will often times involve the
> installation of a root kit for attacking other students' systems and
> to hide the instructor's origin.  Phase 3 wipes the filesystem of all
> data.

Any University that does this sort of thing better have one heck of a
good lawyer. OTOH scanning and disconnecting access for someone with an
insecure machine is more than likely to happen.

> These university instructors are excellent hackers and they not only
> know the university's systems inside and out, they are usually
> specialists in a particular OS and often work in teams against more
> challenging targets.

I've got some oceanside land in Arizona I'd like to sell you. Provide
references before I can no longer stifle my laughter.

Most Universities do have good network access. This does lead to greater
exposure, and quite likely the kiddies will be all over you quickly if
you've got a really insecure machine. Those folks will happily toast you
without having a good lawyer.

> Your idea of a 4-leather-wallet-high firewall is a good one, but that
> might not even be enough.  These university instructors can be
> ruthless.  You might need 2 or even 3 firewalls just to be on the safe
> side.

Software is infinitely more flexible than hardware. _Well_ written
firewall software will clobber hardware any day. All of the "hardware"
firewalls are simply hardware designed to assist firewall software
anyway. Having it in a separate box simply means that you've got a firewall
in a separate box; any of the free Unices will do a firewalling job
equivalent to these "hardware firewalls" easily. If you're on EvilOS
though you don't have any options.


>From: Darkhorse <plug_0 at robinson-west.com>
> There appears to be a serious security flaw in the G4 iBook.  It could
> be that Mac OS 9 is totally insecure, my brother's iBook was running
> OS/9 when the virus hit.  A hardware firewall/filter proxy cube might
> protect you if you don't have your laptop or desktop firewall configured
> correctly.  The virus that hit my brother's laptop turned it 
> into a multicast broadcaster to who knows here.  This
> virus got past his antiviral software and it survived a zero fill
> reformatting of the hard drive.  It must be in the bios of the
> computer.  Short of being able to pull and reprogram or replace 
> the bios chip, there's no way I can see to get rid of this virus. 
> That's assuming there isn't a bug in Mac OSX 10.3's format program 
> that is allowing the virus to survive the format operation.

Please call it by its proper name "firmware". Did this system have all
the current patches installed? If the system isn't configured correctly
you're already dead no matter what you're doing. Though I've been waiting
for a virus to eat flash chips I've yet to see any reports of such a
beast.

> My brother had ipfw configured.  I don't know if his firewall 
> was up when the virus hit.  Apparently it came in through
> Safari.  He believes that the virus gets around ipfw 
> considering that he has rules denying multicast packets
> and his laptop does multicasting to who knows where.
> Assuming ipfw on his iBook doesn't work because of a flaw somewhere,
> a hardware firewall could indeed be better than the supplied
> software one.  This virus eats data files, so his laptop is 
> worthless unless it can be cleaned.

Well, if it isn't up, it isn't worth much now, is it? Preventing such
packets from coming in doesn't prevent you from sending them out. Perhaps
this is a virus of the common type called "hardware failure"? These virii
appear to accumulate on old hardware eventually rendering it completely
useless (completely dead), no one has tracked down who originally created
these, but it appears the manufacturers try to encourage their spread in
order to get people to "upgrade" their computers. Apparently there is a
special firewall called a "warranty" that stops these from spreading.


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \   (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
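The point Elliott makes about the iBook's ipfw rules (denying inbound multicast says nothing about what the host sends) is easy to demonstrate with a small evaluator. The following is an added example for this archive page, not code from the thread or from ipfw itself: it parses a constructed subset of ipfw's rule syntax (`add <allow|deny> ip from any to <net> [in|out]`), applies first-match-wins the way ipfw does, and shows that a ruleset with only `in` rules lets an outbound multicast packet straight through. The `INBOUND_ONLY` and `BOTH_WAYS` rulesets and the sample packets are constructed for the demonstration; real ipfw has many more options than are modelled here.

```python
# Added example (not from the thread): a toy evaluator for a small subset of
# ipfw rule syntax, used to show why a rule that denies *incoming* multicast
# says nothing about what the host *sends*. Real ipfw has far more options;
# only "add <allow|deny> ip from any to <net> [in|out]" is modelled here.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    dst: IPv4Network     # destination network the rule matches
    direction: str       # "in", "out" or "any" (no keyword given)


@dataclass(frozen=True)
class Packet:
    dst: str             # destination address
    direction: str       # "in" (arriving at host) or "out" (leaving host)


def parse_rule(line: str) -> Rule:
    """Parse e.g. 'add deny ip from any to 224.0.0.0/4 in' (constructed subset)."""
    tokens = line.split()
    if tokens[:1] != ["add"] or tokens[2:6] != ["ip", "from", "any", "to"]:
        raise ValueError(f"unsupported rule: {line!r}")
    action = tokens[1]
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action: {action}")
    dst = ip_network(tokens[6], strict=False)
    direction = tokens[7] if len(tokens) > 7 else "any"
    if direction not in ("in", "out", "any"):
        raise ValueError(f"unknown direction: {direction}")
    return Rule(action, dst, direction)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule with an in/out keyword only ever sees packets going that way."""
    if rule.direction != "any" and rule.direction != pkt.direction:
        return False
    return ip_address(pkt.dst) in rule.dst


def decide(ruleset, pkt: Packet, default: str = "allow") -> str:
    """First matching rule wins, as in ipfw; `default` stands in for the
    catch-all rule at the end of the chain (constructed default: allow)."""
    for rule in ruleset:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed rulesets. The first is the situation described in the post:
# multicast is denied, but only on the inbound path, so the host can still
# emit multicast traffic. The second denies it in both directions.
INBOUND_ONLY = [parse_rule("add deny ip from any to 224.0.0.0/4 in")]
BOTH_WAYS = [
    parse_rule("add deny ip from any to 224.0.0.0/4 in"),
    parse_rule("add deny ip from any to 224.0.0.0/4 out"),
]

if __name__ == "__main__":
    inbound = Packet("239.1.1.1", "in")     # constructed multicast destination
    outbound = Packet("239.1.1.1", "out")
    print("inbound-only ruleset, inbound multicast :", decide(INBOUND_ONLY, inbound))
    print("inbound-only ruleset, outbound multicast:", decide(INBOUND_ONLY, outbound))
    print("both-ways ruleset,    outbound multicast:", decide(BOTH_WAYS, outbound))
```

When checking a host that is unexpectedly emitting traffic, the thing to look at is the `out` side of the ruleset (and whether the firewall was loaded at all), not just the rules that gate what arrives.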




