old school security (was: IMS 5000 system password filed cracked)

Tom Peters tpeters at mixcom.com
Sun Apr 22 19:47:05 CDT 2007


In TSS/8, there was an IOT ("WHO") that would return the current user's 
username AND password in Rad50. It was simple to walk up to a terminal 
someone had stepped away from for a few seconds, deposit and few values 
from the command line, jump to it, examine the results, and walk away with 
the values for later decoding to alphanumeric (ascii) characters.

The TSS/8 o/s at UWM (Milwaukee) was extensively rewritten, in part to 
close those gaps. I don't know if it was Dick Bartlein or Sam Milosevich or 
other folks (Al would probably know). They gave it real security, replacing 
the WHO IOT with (I think) a LOGIN IOT.

They also made it refuse a login request unless you prefaced it with ^B. 
That character would always break through to the o/s even if a program was 
running, and prevented a form of trojan horse, wherein you could write a 
simple program that would simulate the login prompts, capture your 
username/password, stash it in a file, and silently log out. If you 
attempted a login with that sort of trojan running, the o/s would intercept 
the attempt, prevent the trojan from seeing any characters, and respond 
?ALREADY LOGGED IN

-t

At 06:16 PM 4/22/2007 -0600, you wrote:
>In article <462BF461.4090406 at compsys.to>,
>     "Jerome H. Fine" <jhfinedp3k at compsys.to>  writes:
>
> > On the other hand, I suspect that the actual clear text of
> > the userid / passwords should never have been stored in a
> > file in the first place.  If that is what you described (based
> > on what you specified above), that was a VERY serious error
> > in the security of the system. [...]
>
>Lots of systems made that error.  For instance, RSTS/E stored the
>passwords in cleartext and you could list them out if you were a
>privileged (1,*) user.  I discovered that when you submitted a batch
>job through the @ processor, it ran as user batch on account (1,2).
>So it wasn't too hard to submit a batch job that ran the ACCOUN
>program to list out the passwords.
>--
>"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
>       <http://www.xmission.com/~legalize/book/download/index.html>
>
>         Legalize Adulthood! <http://blogs.xmission.com/legalize/>

-----
784. [Kindness] Kind words do not cost much. Yet they accomplish much. 
--Blaise
Pascal
--... ...--  -.. .  -. ----. --.- --.- -...
tpeters at nospam.mixcom.com   (remove "nospam") N9QQB (amateur radio)
"HEY YOU" (loud shouting)    WEB: http://www.mixweb.com/tpeters
43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531






More information about the cctech mailing list