UNIX security breach

utzoo!decvax!duke!chico!harpo!cbosg!teklabs!tekmdp!dadlaB!dadlaA!steve utzoo!decvax!duke!chico!harpo!cbosg!teklabs!tekmdp!dadlaB!dadlaA!steve
Wed Mar 3 15:38:05 AEST 1982 

Experts battle security breach

By LEE DEMBART
LA Times - Washington Post News Service

   Computer experts are scurrying to counter what may be the most serious
threat to computer security to crop up since the machines were invented.
   A group of students at the University of California at Berkely figured
out an extremely simple and undetectable way to crack a large number of
computer systems and remove, change or destroy the information they contain.
   News of the existence of the students' method has leaked out into the
computer community before manufacturers have been able to devise a way to
neutralize the threat.
   "We've been sitting around for years thinking about what if someday
something like this happened," said Donn Parker of SRI International in
Menlo Park, Calif., one of the world's leading experts on computer crime.
"All of a sudden it has, and we're now trying to deal with it."
   There is no evidence that anyone has actually used the method to commit
a crime, but, then again, it would not be noticed immediately if anyone had.
   Although SRI is distributing detailed instructions on the method to
computer operators with a need to know, it is reluctant to discuss the
specifics with the public at large.
   However, Parker said that the method works by allowing a person at a
computer terminal to impersonate another user at another terminal and have
access to all of the data that the other user has access to.
   Computers have long been known to be insecure, a major concern to
society as increasing amounts of financial and personal information are
stored and transmitted electronically.
   Computer security experts try to remain one step ahead of the computer
criminals in a continuing game of cat and mouse. In general, it becomes
harder to crack the systems, but the newest method is a good deal easier.
   "Among the technological methods of attack, this one is probably
the most serious that has been uncovered primarily because it's so simple
to do and because there are so many systems that are vulnerable," Parker
said.
   The system in question in the Berkeley case is the UNIX, manufactured
by the Digital Equipment Corp., although it is assumed that other systems
would be affected as well.
   UNIX enables one computer to serve many terminals through a process
called time-sharing. Each individual working at a terminal has the
impression that he has the computer's undivided attention, when in fact
the computer is serving many users at many terminals, such as, for example,
airline reservation clerks.
   Parker said that all UNIX-based systems - of which there are thousands
operating in the world - are vulnerable to the security breach.
   "It's used everyplace throughout the research, academic, business and
government communities," Parker said.


   The above was in our local paper today. Needless to say, it is
curiosity-making. OK, you Berkeleyites, what happened? What's the
straight scoop? What is this magic method? I would appreciate it
if you would respond via "mail" instead of broadcasting it.

		Steve Den Beste
		Tektronix Logic Analyzer Engineering
		(ucbvax!teklabs!tekmdp!dadlaB!dadlaA!steve)

More information about the Comp.unix.wizards mailing list