Merit Joint Technical Staff
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
system security
- From: Richard Schmalgemeier
- Date: Tue Jun 30 00:34:02 1992
Over the past couple of days I've been following the trail
of a hacker (or two) who has broken into machines at at least
four different sites in Michigan. In some of the cases it
is not yet clear how the hacker gained entry. In others
they probably got in by simply exploiting known security
holes that left machines vulnerable.
One potential security hole is a TFTP server. If running, and
not secured, this may allow someone to get a copy of your
password file, letting them crack passwords at their leisure.
Another hole are the hosts.equiv, hosts.lpd and .rhosts files.
Please remember that a '+' by itself leaves your system very
exposed. A '-', as the only, or first, entry also leaves your
system exposed. CERT "strongly cautions" sites about the use
of .rhosts and host.equiv files. They suggest that they not be
used unless absolutely necessary.
Information on system vulnerabilities is available via anonymous
ftp from CERT.ORG and can be found in the directories:
/pub/cert_advisories
/pub/clippings
Please make certain that information on system security and
exposures gets to all system administrators on your campus
who have network connected machines -- not just those people
in the computer center/computer science areas.
If you believe that your machine has been broken into, or need
some additional information to know what to look for in the
current case, please contact me directly at rgs@merit.edu or
313/764-9430. If you send me a message, please include a phone
number.
- Rick Schmalgemeier -- Merit
rgs@merit.edu / 313/764-9430
- - - - - - - - - - - - - - - - -
|
