Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Hacker at High School in Saginaw
- From: Bill Fryberger
- Date: Fri Mar 05 14:24:20 1999
Jeff,
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199902/ftpd.txt.html
Your going to want to read this, the standerd ftp server that comes with
Redhat
is exploitable by default.
Patches are available but if you are going to use ftp as your main source of
transferring data, you may want to look into another ftpd besides the
wu-ftpd...
Bill
-----Original Message-----
From: netsec@merit.edu <netsec@merit.edu>
To: netsec@merit.edu <netsec@merit.edu>
Date: Friday, March 05, 1999 1:41 PM
Subject: Re: Hacker at High School in Saginaw
Paul,
I have been addressing these issues for the Saginaw County schools where all
13
public school districts have an "Ameritech Education Avenue" server in place
which was originally installed with BSD 2.1. As these hacker incidents
began to
occur, I have been upgrading the servers to Redhat Linux 5.1 and 5.2 and
have
been turning off telnet access plus a few other services. Since the
districts
only use these servers for DNS and to house their websites they didn't need
telnet access. I still keep FTP running though since they use that to
publish
their web pages. Is there any other unix service I should be aware of that
is
generally an easy target on these machines (BSD or Linux)?
==================================
Jeff Johnson, CNE
Network Administrator, Saginaw ISD
http://isd.saginaw.k12.mi.us
==================================
>>> Paul Howell <grue@merit.edu> 03/04 8:09 AM >>>
at: http://sa.mlive.com/news/index.ssf?/news/stories/hackers.frm
An uninvited guest
The hacker may have come from Moscow.
Tuesday, March, 2, 1999
JODI McFARLAND
THE SAGINAW NEWS
Bridgeport High School's speedy Internet
connection made it an attractive stopping place for
a computer hacker.
The school's T1 line, a fiber optic link to the Web,
lured the outsider in October, said Christian M.
Palasty, computer technician for the
Bridgeport-Spaulding Community School District.
"They were using us as a server for a chat
program," he said. "We were also being used as a
lily pad, using us to hop to other locations."
From the server, the hacker visited the chemistry,
physics and ra diology departments at the
University of California at Los Angeles, Harvard
and Franklin University in Ohio. The visitor also
hacked into Lockheed Martin Corp.'s system and
may have come from the Institute of Moscow in
Russia, Palasty said.
He reported the hacking to the FBI, he said. Walter
H. Reynolds, who supervises the bureau's Saginaw
office, said he knew of no investigation.
The identity of the hacker, or hackers, was not
decipherable, Palasty said.
"It was somebody outside the building, not
somebody inside, but it could have been a student
from home," Palasty said. "They tended to know
what they were doing, hiding their footprints more
than a common hacker would. They knew
They were using us as a server for a chat program.
CHRISTIAN M. PALASTY
Bridgeport schools computer technician
enough to hide themselves, not enough to hide
themselves completely."
In early December, the district cut the student
e-mail service that allowed the hacker to gain
access under the name "Ted," Palasty said.
Students now use free Web e-mail accounts.
"We found Ted on there and said, 'Who's Ted?'"
Palasty said.
With the modifications, he said, "a hacker cannot
gain access the way this person did. There's no
chance of it now."
The visitor didn't damage equipment or delete files,
Palasty said. Student grades and teacher
information is not accessible through the system.
The district was attractive because of its
high-speed Internet connector and its available
hard drive space, Palasty said.
As schools add technology to their buildings and
lessons, more weak spots could surface, he said.
Hackers are finding it easy to use schools to
conduct their foraging, he said.
"(Schools) generally don't have the money to buy
the high-tech equipment to lock them out," Palasty
said. "Schools can't keep them out, so they tend to
be attractive. That's what they're looking for. For
fast access to the West Coast or East Coast, this is
a prime location."
Word of Bridgeport's hacking reached the Buena
Vista School District, which also use the T1
connector provided by Ameritech. In early January,
school officials scanned their site to see if hackers
were using it.
"As we checked out the system, someone was
trying to come through at that point," said
Superintendent Vivian Keys-Brown. "We just
unplugged our system from the outside lines."
The district then bought equipment to ward off
future uninvited guests, Keys-Brown said.
|
