AdadlaA.94
net.unix-wizards
utcsrgv!utzoo!decvax!duke!chico!harpo!cbosg!teklabs!tekmdp!dadlaB!dadlaA!steve
Wed Mar 3 15:38:05 1982
UNIX security breach

Experts battle security breach

By LEE DEMBART
LA Times - Washington Post News Service

Computer experts are scurrying to counter what may be the most serious threat to computer security to crop up since the machines were invented.

A group of students at the University of California at Berkeley figured out an extremely simple and undetectable way to crack a large number of computer systems and remove, change or destroy the information they contain.

News of the existence of the students' method has leaked out into the computer community before manufacturers have been able to devise a way to neutralize the threat.

"We've been sitting around for years thinking about what if someday something like this happened," said Donn Parker of SRI International in Menlo Park, Calif., one of the world's leading experts on computer crime. "All of a sudden it has, and we're now trying to deal with it."

There is no evidence that anyone has actually used the method to commit a crime, but, then again, it would not be noticed immediately if anyone had.

Although SRI is distributing detailed instructions on the method to computer operators with a need to know, it is reluctant to discuss the specifics with the public at large.

However, Parker said that the method works by allowing a person at a computer terminal to impersonate another user at another terminal and have access to all of the data that the other user has access to.

Computers have long been known to be insecure, a major concern to society as increasing amounts of financial and personal information are stored and transmitted electronically.

Computer security experts try to remain one step ahead of the computer criminals in a continuing game of cat and mouse. In general, it becomes harder to crack the systems, but the newest method is a good deal easier.

"Among the technological methods of attack, this one is probably the most serious that has been uncovered primarily because it's so simple to do and because there are so many systems that are vulnerable," Parker said.

The system in question in the Berkeley case is the UNIX, manufactured by the Digital Equipment Corp., although it is assumed that other systems would be affected as well.

UNIX enables one computer to serve many terminals through a process called time-sharing. Each individual working at a terminal has the impression that he has the computer's undivided attention, when in fact the computer is serving many users at many terminals, such as, for example, airline reservation clerks.

Parker said that all UNIX-based systems - of which there are thousands operating in the world - are vulnerable to the security breach.

"It's used everyplace throughout the research, academic, business and government communities," Parker said.

The above was in our local paper today. Needless to say, it is curiosity-making. OK, you Berkeleyites, what happened? What's the straight scoop? What is this magic method?

I would appreciate it if you would respond via "mail" instead of broadcasting it.

Steve Den Beste
Tektronix Logic Analyzer Engineering
(ucbvax!teklabs!tekmdp!dadlaB!dadlaA!steve)

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen
of http://communication.ucsd.edu/A-News/

This Usenet Oldnews Archive article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.
2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.