=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=   F.U.C.K. - Fucked Up College Kids - Born Jan. 24th, 1993 - F.U.C.K.   =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

                           Security is Obscure
                           ~~~~~~~~~~~~~~~~~~~

"Obscure (adj.): [...] 4. Not famous or well-known. 5. Difficult to 
understand." -- _The American Heritage Dictionary_, 2nd ed., 1983.

Okay, so it's an old dictionary. But the meaning of the word "obscure" 
really hasn't changed much in the last decade. 

I wanted to write this file as a word of encouragement to beginning 
hackers who think everything has already been done and security 
everywhere is tighter than the pope's ass (but not the altar boy's, ha 
ha). I intend to illustrate the base ignorance of many system 
administrators who know less about Unix than the average hobo does. 

Security is obscure in the sense of the first meaning I quoted; most 
*.edu systems have admins who haven't got the slightest clue as to how
they can secure their system, and who let their users (recall that
the weakest link in any "secure" system is usually the people who use it)
choose poor passwords. Thus, if Joe Admin sets up a system and restricts
access to dial-up and computer labs, Joe Hacker will still be able to get
in using Joe User's password ("sex") and a modem. 

One case I wanted to mention specifically in this file happened over the 
course of the past few weeks. I requested and received a copy of an 
unnamed school's passwd file from an unnamed source (you know who you 
are. Thanks again!) after he told me that it was unshadowed and 
world readable. I ran jack on it using a few wordlists before I 
found out that the passwd binary forced users to use non-dictionary 
passwords. Then, because I was bored and needed to brush up on my C 
knowledge (very little, actually), I whipped up a program to output all 
possible 8-character printable password combinations. After some quick 
calculations, I discovered that I would need at least 6,500 9-gig Seagate 
drives and several decades to store all the combinations and use them 
with jack. Discouraged, I dropped the matter for a while.

Then a co-worker asked me to step her through the "reading email" 
process on her account, which happened to be on the system in question. An
account she had never used. One with the default password still in place.

I helped her log in and incidentally discovered that default student 
passwords on this particular system were the first 8 digits of the 
social security number. I also found that the .login script *didn't 
force first-time users to change their password*! I guided her through 
the "changing your password" stage and was astounded to find that this 
poor-security system forced users to use non-dictionary passwords but 
wasn't set up to force an initial password change. 

I let it sit for about a week before I got around to modifying my 
program to output 8-digit numeric combinations. After 
further trimming it down to output only the combinations beginning with 
521, 522, 523, 524, and 525 (CO-issued SSNs) (the "full" output would 
take about 110 megs), I had a 5-meg wordlist file that has netted me 
over 60 accounts from this system. These accounts were snagged over a 
total period of about 10 hours or so, and I used my very limited SSN 
list. Imagine how many I would have if I used the "full" SSN output and 
gave jack a few weeks.
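
The two gaps in the story above (a default password derived from an ID number, and no forced change at first login) are both things an admin can check for. The following is an added example, not part of the original file: the function names, the sample ID number and the shadow(5)-style lines are constructed for illustration.

```python
import math

def keyspace_bits(alphabet_size, length, fixed_prefix=0):
    """Bits of guessing work for `length` symbols when the first
    `fixed_prefix` symbols are predictable (e.g. a regional prefix)."""
    return (length - fixed_prefix) * math.log2(alphabet_size)

def reject_reason(password, id_number):
    """Why a new password is unacceptable, or None if it passes.
    `id_number` is the (hypothetical) identifier defaults are derived from."""
    digits = "".join(c for c in id_number if c.isdigit())
    if password.isdigit():
        return "all-numeric"
    # Any 4-digit run of the ID number inside the password is too guessable.
    for i in range(len(digits) - 3):
        if digits[i:i + 4] in password:
            return "contains part of ID number"
    return None

def must_change_at_login(shadow_line):
    """shadow(5): a last-change field (field 3) of 0 forces a password
    change at the next login."""
    fields = shadow_line.rstrip("\n").split(":")
    return len(fields) >= 3 and fields[2] == "0"

def unforced_new_accounts(shadow_lines, new_users):
    """Newly provisioned accounts that were NOT set to force a change."""
    bad = []
    for line in shadow_lines:
        name = line.split(":", 1)[0]
        if name in new_users and not must_change_at_login(line):
            bad.append(name)
    return bad

# Constructed sample data. Group "00" is never issued, so this ID is not real.
SAMPLE_ID = "521-00-1234"
SAMPLE_SHADOW = [
    "stu1:HASH-PLACEHOLDER:0:0:99999:7:::",      # change forced at first login
    "stu2:HASH-PLACEHOLDER:19000:0:99999:7:::",  # default left in place
]

if __name__ == "__main__":
    print("8 printable chars: %.1f bits" % keyspace_bits(95, 8))
    print("8 digits, 3 known: %.1f bits" % keyspace_bits(10, 8, 3))
    print(reject_reason("52100123", SAMPLE_ID))
    print(unforced_new_accounts(SAMPLE_SHADOW, {"stu1", "stu2"}))
```

The dictionary check the passwd binary already enforced does nothing for an account whose owner never runs passwd, which is why the forced-change flag matters as much as the composition rule.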

The second definition of "obscurity" that I quoted does not seem to 
apply at first; most people who work with computers have some 
understanding of security, and admins should be especially aware of 
security issues. Yet I have found and continue to find just the opposite, 
nearly every day. This is why you should use PGP and SSH; why should you 
trust your admin to secure his system? If you have faith in his sysadmin 
skills but I have reason to believe otherwise, then you'll be the one 
who loses when I start hanging out in your home directory.

As an addendum to this file, I'm including "Things overheard while scanning
cell frequencies". I started it as a separate file, but I don't have nearly
enough:

"Oh shit, I just ran a red light."
"People can listen to cellular conversations with one of them hand-held
walkie-talkies."

-Legion

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Questions, Comments, Bitches, Ideas, Rants, Death Threats, Submissions  =
= Mail: jericho@dimensional.com                       (Mail is welcomed)  =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=  To receive new issues through mail, mail jericho@dimensional.com with  =
=   "subscribe fuck". If you do not have FTP access and would like back   =
=    issues, send a list of any missing issues and they will be mailed.   =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Files through AnonFTP FTP.DIMENSIONAL.COM/users/jericho/FUCK            =
=                       FTP.SEKURITY.ORG/pub/zines/fucked.up.college.kids =
=                       FTP.PRISM.NET/pub/users/mercuri/zines/fuck        =
=                       FTP.WINTERNET.COM/users/craigb/fuck               =
=                       FTP.GIGA.OR.AT/pub/hackers/zines/FUCK             =
=                       ETEXT.ARCHIVE.UMICH.EDU/pub/Zines/FUCK            =
= Files through WWW: http://www.dimensional.com/~jericho                  =
=                    http://www.prism.net/zineworld/fuck/                 =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=       (c) Copyright. All files copyright by the original author.        =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=