the_cuckoos_egg

Differences

This shows you the differences between two versions of the page.

the_cuckoos_egg [2019/01/02 00:31] – wip lricker
the_cuckoos_egg [2019/01/02 01:53] – wip lricker
Line 11: Line 11:
 But what struck me most, from this perspective of 30-odd years later, is just how innocent and naïve everyone was about computer security in those days.  Especially in academe and the research labs, passwords were viewed as an anti-social obstacle, and were treated cavalierly at most military installations.  The bad-guy "broke into" several military VMS systems just by "guessing" the default passwords for the privileged ''SYSTEM'' (default password ''MANAGER'') and ''FIELD'' (''SERVICE'') -- Fortunately, VMS system installation has progressed considerably beyond those defaults today.  The bad-guy also hit numerous Unix systems, quickly trying and succeeding with common ''root'' account passwords (including ''admin'', ''root'' and ''1234'').  Several government contractors (major defense-industry corporations) were "wide open" and available for the bad-guy to leap-frog through to other systems, all while the defense contractors' system managers were professing that "our systems are totally secure and impenetrable!"  Stoll showed them all a new, emerging reality. But what struck me most, from this perspective of 30-odd years later, is just how innocent and naïve everyone was about computer security in those days.  Especially in academe and the research labs, passwords were viewed as an anti-social obstacle, and were treated cavalierly at most military installations.  The bad-guy "broke into" several military VMS systems just by "guessing" the default passwords for the privileged ''SYSTEM'' (default password ''MANAGER'') and ''FIELD'' (''SERVICE'') -- Fortunately, VMS system installation has progressed considerably beyond those defaults today.  The bad-guy also hit numerous Unix systems, quickly trying and succeeding with common ''root'' account passwords (including ''admin'', ''root'' and ''1234'').  
Several government contractors (major defense-industry corporations) were "wide open" and available for the bad-guy to leap-frog through to other systems, all while the defense contractors' system managers were professing that "our systems are totally secure and impenetrable!"  Stoll showed them all a new, emerging reality.
  
-In the intervening 30 years, we've seen not only the rise and domination of today's Internet (remember, it was immature when Stoll wrote this book), and the eclipse or transformation of the ad-hoc point-to-point networks, Tymnet, and the dedicated milnet.  The U.S. Armed Forces made a big noise about "security" and "classified/top-secret," but were largely clueless about its implementation on actual computer systems.  The TLA-organizations, including the FBI and CIA, were XXX...+In the intervening 30 years, we've seen not only the rise and domination of today's Internet (remember, it was immature when Stoll wrote this book), and the eclipse or transformation of the ad-hoc point-to-point networks, Tymnet, and the dedicated milnet.  The U.S. Armed Forces made a big noise about "security" and "classified/top-secret," but were largely clueless about its implementation on actual computer systems.  The TLA-organizations, including the FBI and CIA, were similarly clueless, both about the technology and about the application of then-available cyber-crime laws The NSA was no help at all, although it's tiny new offshoot organization, the NCSC (National Computer Security Center), became an interested ally  Since the bad-guys were ultimately tracked to Germany, jurisdictional issues and "not my bailiwick" tied Stoll's hands right down to the end of the chase.
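Review bot: In the added text of the "In the intervening 30 years" paragraph, "although it's tiny new offshoot organization, the NCSC" uses the contraction where the possessive "its" is needed. As rendered here, the added sentences also run together with no period after "then-available cyber-crime laws" or after "became an interested ally". The unchanged opening of the same paragraph, "we've seen not only the rise and domination of today's Internet ... and the eclipse or transformation", never completes the "not only" construction; either drop "not only" or change the "and" to "but also" while this paragraph is being edited.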
the_cuckoos_egg.txt · Last modified: 2019/01/02 04:05 by lricker
