The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Monday, February 16, 2009

Governments aren't the only ones that are Balkanizing the Internet

It must have been, oh, 1993 or 1994. I had just logged into the computer in my office at college (a very sweet SGI Personal Iris 4D/35) when I noticed something rather odd—I was already logged in. Upon further inspection, it appeared I was logged in from Russia.

Oh. How nice.

I don't pick easy passwords (just ask Smirk—he bitches everytime I pick a new root password that he has to memorize). They really are a random pick of letters, numbers and punctuation with no rhyme or reason.

And yet, here was someone in Russia, logged into my computer.

This was before ssh was even released, so everybody either used rsh (which I couldn't stand) or telnet. And the problem with both was that passwords were passed across the network in plaintext. And that was the problem.

At the time, I was working in the Math Department. On the other side of the building you had the Geology Department. And I should mention that at the time, the second floor was wired for 10Base-2 (all computers on a network segment share a single communications wire—think of a party line for computers).

Unbeknownst to me (or in fact, most of the people in the second floor) someone in the Geology department had decided to install a Unix system, only they didn't quite realize what they were doing because they left the root account without a password! And because the network was 10Base-2, it was real easy for a hacker to install a network sniffer and grab passwords as they were sent across the network.

Not much to guard against that type of attack.

Fast forward ten years, and my account is again hacked. This time it was an inside job—that is, a server I was maintaining for a company had been hacked by someone in said company (not really “hacked” as in he obtained the passwords) and compromised (backdoors and password loggers installed).

And again, not much I could have done to guard against that type of attack, except maybe to not log into personal machines from a work machine.

Fast forward to today. Saw the following on an internal trouble ticket from P:

[New SSH-only server] hacked?

What is /root/send/send.php? Looks like some type of spamming script.

I check, and sure enough, my account had been compromised. And this on a new server installed, with the absolutely latest version of ssh (compiled from source!) and only one of three programs running (syslogd which wasn't listening for a network connection, and crond, which doesn't listen on the network).

And there it was, sending out spam.

Nuke. Pave. Do not pass Go. Do not collect $200.00.

Sigh.

Obligatory Picture

An abstract representation of where you're coming from]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

Obligatory AI Disclaimer

No AI was used in the making of this site, unless otherwise noted.

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.