****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
               ***  Volume 1, Issue #1.07 (May 5, 1990)  **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
REPLY TO:     TK0JUT2@NIU.bitnet
FTP SITE:     RJKRAUSE@SUNRISE.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections.
--------------------------------------------------------------------

***************************************************************
***  Computer Underground Digest Issue #1.07 / File 4 of 6  ***
***************************************************************

Date: Thu, 26 Apr 90 11:44:41 EDT
From: Karl Smith
Subject: article forwarded from alt.security
To: TK0JUT2%NIU.BITNET@uicvm.uic.edu

[This is from alt.security. Since it was publicly posted, you should be able to reprint it, but you might want to contact the author first. I saw this and thought you might be interested. ]

%Eds. Note: We attempted to contact the author and the digest on which it was originally printed and rec'd no reply. Because it was a public message, and because of its interest value, we reprint it here%.

------------------------------------------------------------------

Article 105 of 113, Sun 02:47.
Subject: Re: Alt.security discussion (long)
From: jbass (John Bass, temporary account)
Newsgroups: alt.security
Date: 22 Apr 90 09:47:55 GMT
Sender: news@sco.COM

I too have to lend support for leaving this group an open widely distributed forum. I have been on both sides of the fence over the last 21 years ...
both managing and cracking systems.

During 1970 to 1973 I was too bright, too interested in systems programming, and too often in the wrong place at the wrong time. I was continuously accused of attempting to breach facility security by three separate college data center staffs. I was harassed, denied access to facilities, watched like a criminal, and lived under restrictions not placed on other students simply because of a FEAR that I knew too much about operating systems. I did complex 360 DOS RJE sysgens and ported major sections of OS ECAP back to DOS while other students wrote "hello world" fortran and basic programs. I dreamed BAL, DOS, and OS/MVT.

Finally I had enough, and with several instructors' support, I started finding out how to do the things I was being accused of. Within a few months I not only identified the underground hackers that were causing the problems, but also helped create the fixes that shut them out. In the sport of this, we protected the identity of the underground groups at CalPoly Pomona and Sacramento and continued to play the game for a year and a half. I cracked the security of the system in a few weeks simply by knowing it could be done (having been already accused of such). Most of the things we did were directly in response to the negative direction provided.

The system was a nationwide timesharing service (CTS/ITS) based on the XDS940 rel 3 OS converted to run on CDC 3100's and 3300's. The system was based on a similar model as UNIX with supposedly VERY TIGHT SECURITY. We broke that security right down to intercepting interrupt vectors and inserting private kernel code and maintained a level of penetration for 18 months while providing the facility staff source level fixes from the disassemblies of the raw binary. Early in the assault we were aided by the DEBUGGING aids left by the systems staff ... a user level command to dump/patch the kernel address space!
We also found doing a particular type of memory allocate gave you the first available DIRTY memory pages ... allowing some very interesting statistical analysis to recreate a complete runtime binary image of nearly every process's text and data space, including kernel temporary buffers for terminal I/O and File I/O (a great hunting land for passwords and other trivia!).

I also wrote a program to attempt all possible system calls with widely varied arguments ... stumbling upon the fact that the haltsys system call could be executed in user mode and various peripheral ioctl's as well (taking offline printers and disks).

As we found new ways to break the security, we would pass the old ways on to the facility staff ... keeping the window open for us and closing it for others.

(I greatly appreciate the insights to what could be done to the system during my visit Easter break 1973 provided by Steve Mayfield and Gary Philips of CalPoly Pomona, as well as the XDS 960 sources and PLM's they later provided!)

(I suppose I should also thank Alan and the gang at CalState Sacramento for discovering you could link an operators console, thus stealing all operations passwords and the resulting havoc and concern they caused, which I was then accused of).

(Hmm I suppose I should also thank Bob Oberwager(SP?) and the staff at CalState Northridge, which managed the CalState version of the system, for being such panic stricken mindless idiots to have blamed me for the many things I hadn't done during fall 72 and winter 73 ... and then continuing to blame me instead of the underground groups! Without their quick guidance I would have missed many of the things the other groups were up to!!!)

The systems staff was outraged because NOBODY had the source except them. Armed with the original XDS source, we were able to disassemble the 3300 port back to source code in about a man year. We did most of our work on other systems to prevent the sysops from spying.
Many thousands of feet of paper tape were punched at 110 baud on an ASR33 teletype, converted to a 9 track tape on a varian, and disassembled late at night on one of several 360 sites. Much of the SECURITY of the system was the supposed lack of internal documentation, which we recreated in better detail than the internal staff had.

UNIX is a completely different beast ... nearly every major hacker has partial source of some version along the way ... the university environment has been too lax in protecting the source base. It is impossible to hide one's head in the sand with such widely held source access ... even without sources, disassembly is an easy method to recreate sources, particularly with other source versions around as a model.

Instead of bitching about this forum, more attention should be paid to the gamesmanship that is played out between bad hackers and their victims. These energies need to be recognized and redirected where possible to supervised positive pursuits. The ethics and liabilities need to be discussed at length with proper reprimands for those who step over the line. Management FEAR must be replaced with INFORMED action to stop this deadly game.

Even good kids can crack when subject to long term negative pressure. I stayed above ground from 1970 through 1975, in the face of threats of expulsion and legal reprisals, with the support of some understanding faculty. The long term strain and anger from this, combined with some severely bad personal times, led to a lash out against ITS in 1975, resulting in an ethics breach I am not proud of ... and some lessons learned.

There need to be more MIT & Berkeley style open student managed systems for undergraduates ... giving our future sysops and system programmers a breeding ground to develop in. This really applies at BOTH college and High School level.

There is NOTHING MAGIC OR SPECIAL about computer data ... it is JUST LIKE its paper counterpart.
Everyone should be made to understand that sneaking about in one's electronic world is just as offensive as violating one's physical world. IE it doesn't matter if someone's home/office/desk is not locked ... we KNOW that we SHALL NOT enter unless invited ... DITTO for computer places. Unfortunately this analog is not clearly stamped into the heads of most people in our society ... and certain people like Stallman perpetuate the myth that computer data/programs/assets are exempt from real world rules of ownership and privacy.

SO ... post and discuss the bugs here ... enlist the aid of the good hackers and do whatever is necessary to keep the bad hackers from stepping over the line.

have fun ...

John L. Bass

PS: I am glad I grew up when I did ... these kids' legal liabilities for hacking today are utterly frightening ... especially for viruses. We need a re-union party for hackers from this period!!! Write me.

----[end of included article]

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=