All the comment wars are currently going on on comp.security, alt.security,
Do we need to see them here too?
No new tricks were applied. Sendmail, loadmodule, rdist, yp/nis, and
PC-based packet sniffing were all exploited to gain initial entry and obtain
root on internet systems.
Then the compromised systems were trojaned to snoop/sniff/tcpdump logins and
passwords on the internet.
We also have seen increased ISS activity, but this may be unrelated.
(or a super-strain if iss).
Use of one-time passwords, digital tokens, or other enhanced authentication
technology, as well as decent firewalling prevents these attacks from
(plus keeping current on vendor patches)
Brad Powell : brad .
Full Time: Sr. Network Security Analyst |Part time: Cyberspace PI
Computer/Information Security.| and Consultant
Sun Microsystems Inc. |
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
>From Firewalls-Owner @
COM Tue Feb 8 00:09:38 1994
>Date: Tue, 8 Feb 94 02:53:53 EST
>To: Firewalls @
>Subject: Two security issues
>Dear Firewalls readers,
>I am absolutely astounded that not a peep has been heard on this group
>since the CERT advisory last Thursday re widespread internet break-ins.
>Today's WSJ said UCB, Texas and other sites were attacked probably from
>PA and Phoenix. Any comments?
>I also noted today, as I am currently involved in database administration,
>that the Sybase user passwords are easily grep'd out of the master.dat
>files. Did I miss something here? This isn't strictly firewall related and I
>shall cross-post to security groups.
>|Henry Katz |
>|ISCS, Inc (212)685.3057 |
>|Currently on contract to |
>| Lehman Bros | (212) 464.3363 (tel)|
>| 388 Greenwich St | (212) 464.3118 (fax)|
>| NY NY 10013 | hkatz @