Found, a new rootkit

Mike McCarty Mike.McCarty at sbcglobal.net
Tue Apr 4 05:31:55 UTC 2006


Craig White wrote:
> On Fri, 2006-03-31 at 18:30 -0500, Gene Heskett wrote:
> 

>>>My money is on sshd - somebody with a weak password.
>>>
>>
>>We found a couple that were downright 
>>stupid/dumb/asinine/all_of_the_above.
>>
>>Fixed, with a cluex4 upside the head to the parties involved.
> 
> ----
> users do what users do
> 
> it's actually the fault of the admins who don't use any password
> checking mechanisms, but I suppose that it's more feasible to blame
> stupid users...of course, I would never do such a thing  ;-)

Several years ago (like 1990 or so) I got interested in UNIX
security, etc. and just by poking around on the system found
the password file, and guessed maybe crypt(). So I fiddled
a little bit, just on my own, you know, and came up with
something that could verify my own password. So then I got
a small spell checker dictionary, and wrote a little password
cracker which would try the user's name, user's name backwards,
case variations on both, and words from the spell dictionary.

Cracked about 20 passwords in one afternoon. I went to a guy
I knew who worked in system admin, and told him about it.
I told him we needed to get some policy on passwords. His
response was to shush me, shut his door, and tell me under
his breath that I was close to getting fired. Anyway, he agreed,
and I copied the files off that system and deleted the originals.
I argued that I was no potential risk to the company, actually
helping them, and that I had done nothing wrong. He agreed
with that, too, but warned me again.

Later, real policies *were* instituted, and the password program
began refusing "simple" passwords.

Some years later, a memo went out with password policy written,
which we were all supposed to sign and return to H.R. Stupid
idea. Anyway, right on its heels came another humorous memo simply
circulated around, which stated a very long list of rules
about passwords, and then claiming that only one password
passed all the tests, and we were all told to come by H.R.
and get our copy of it, so we would all be "secure".

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
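The password program the author says was later put in place (refusing "simple" passwords) only needs to reject the same classes of guesses his afternoon cracker tried: the user name, the user name reversed, case variations of both, and dictionary words. This is an added example, not code from the original message; the word list and the 8-character minimum are assumptions.

```python
# Constructed sample word list standing in for the small spell-checker
# dictionary mentioned in the message (assumption: a real deployment
# would load a full word list).
SAMPLE_DICTIONARY = {"secret", "password", "welcome", "summer", "dragon"}

# Assumed minimum length; the message gives no number.
MIN_LENGTH = 8


def reject_reason(username, password, dictionary=SAMPLE_DICTIONARY):
    """Return a reason to refuse the proposed password, or None if it passes.

    Comparing lower-cased forms covers every case variation at once, which
    is the same space of guesses a "try all case variants" cracker walks.
    """
    lowered = password.lower()
    user = username.lower()
    if lowered == user:
        return "password is the user name"
    if lowered == user[::-1]:
        return "password is the user name reversed"
    if lowered in dictionary:
        return "password is a dictionary word"
    if len(password) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    return None


def audit(accounts, dictionary=SAMPLE_DICTIONARY):
    """Check a {username: proposed_password} mapping and report failures."""
    return {u: r for u, p in accounts.items()
            if (r := reject_reason(u, p, dictionary)) is not None}


if __name__ == "__main__":
    # Constructed sample accounts; none of these are real credentials.
    for user, why in audit({"mike": "EKIM", "alice": "Dragon",
                            "bob": "correct horse battery"}).items():
        print("%s: rejected, %s" % (user, why))
```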