Having reiterated that, and speaking of the hacked ICA pages, half way through November I had an email from some outrageous criminal-type with what looked like a URL. Heh. It didn't look like a URL - it was a URL. And with it came a warning - like, be REALLLLL CAREFUL !!!!!
I may not be a hacker but I share one very important trait with hackers. I'm insatiably curious. Which is why I immediately plugged it in. And landed at the San Diego Super Computing Lab (shudder).
POPCORN INTERMISSION #1:
(I'm not dumb - well, I'm not that dumb - and I expected something to happen, especially since I didn't try to hide my location, like by using a remailer. Even supposing I knew how.)
And now ... back to the feature % )
So (don't you just love it when people drag things out?) the next day, I think it was, I heard from my IP. He'd had an email from the San Diego Super Computing Lab which, you'll remember, has figured prominently in the Mitkin controversy. The email was from the SDSC and claimed I'd hacked into their site. (You gotta laugh. Maybe I'll use nEwj0nS00perHaKr as my nick from now on. Nah. Too long ; )
So naturally, I broke out into a cold, clammy sweat as visions of clean-cut feds wearing ear-plugs and hammering on my door in the dead of night, swam before my eyes.
Being a craven coward, I immediately contacted tep [we shall call him that] at the SDSC saying: I'm the guy who inadvertently breached your security yesterday and this morning. I have an online book called OTRiCS with a chapter on hacking. Someone emailed me the following url (I included the url). But I'm a writer, not a hacker, and I had no idea what is was for. SO I tried it and what came up was: (I included the long screed which appeared when I hit the SDSC site. It included passwords, etc, as well as a couple of groovy nicks.)
I also said that what I'd found when I got there was all Greek to me, and so on, and that I hoped my email cleared up any worries SDSC had - "other than the fact that this url is out there, which I'm sure you knew already". I also said I still didn't know what you'd do with, or through, the code, concluding, And no, I'm afraid I can't share the identitity of the individual who sent me the url.
A red-hot email screamed back from tep, who's since seemingly disappeared into the undergrowth. Don't know why. But before vanishing, he and I enjoyed a bit of correspondence - ie, he emailed me:
"You did not breah [sic] our security. You tried to break in and we caught you. If what you say is true, then someone emailed you a cracking 'tool' that is running around the net these days.
"It exploits a broken program that *was* distributed with a few web servers. The broken program will allow anyone with a web browser to read any file on the system, and sometimes write files, open root xterms, etc.
"CERT did an advisory on this, you can find it at: ftp://info.cert.org/pub/cert_advisories/CA-96.06.cgi_example_code."
POPCORN INTERMISSION #2:
One of the things I like about cruising the hacking/warez usenet groups is: half the time, I can't understand what the hell they're talking about. It's like reading one of the earlier Tom Clancy novels, especially when it comes to high-tech jets. You know ... the good guy hits his finglewop and goes into a high-g scrimbleblaster.
I had the same feeling when I bopped over to cert_advisories/CA-96.06.cgi_example_code. Didn't understand a word. But it looked cool anyhow and led off with:
"The Australian Computer Emergency Response Team (AUSCERT) has received information that example CGI code, as found in the NCSA 1.5a-export and APACHE 1.0.3 httpd (and possibly previous distributions of both servers), contains a security vulnerability. Programs using this code may be vulnerable to attack."
And it was full of stuff like, "A security vulnerability has been reported in example CGI code, as provided with the NCSA httpd 1.5a-export and APACHE httpd 1.0.3 (and possibly previous distributions of both servers). The example code contains a library function escape_shell_cmd() (in cgi-src/util.c). This function, which attempts to prevent exploitation of shell-based library calls, such as system() and popen(), contains a vulnerability. Any program which relies on escape_shell_cmd() to prevent exploitation of shell-based library calls may be vulnerable to attack. "