home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!usc!sdd.hp.com!nigel.msen.com!ilium!sycom!rkushner
- From: rkushner@sycom.mi.org (Ronald Kushner)
- Newsgroups: comp.sys.amiga.datacomm
- Subject: Re: CNET has BACKDOOR???
- Distribution: world
- X-BBS-Software: EXCELSIOR! V0.975
- Message-ID: <rkushner.04q0@sycom.mi.org>
- Date: 30 Dec 92 23:12:58 EST
- Organization: Michigan Information eXchange
- Lines: 53
-
- In an article, gbartoli@netcom.com (Guy Bartoli II) writes:
-
- >Thorsten Deck (tdeck@lifestyle.rhein-main.de) wrote:
- >: Please Help me!
- >: I Run Cnet BBS SYSTEM V2.41. In the last Night a user has connectet as
- >SYSOP!!
- >: But no PW is wrong. The Hacker has many PWs from my User how???
- >: And 2 HD partions are deletet!
- >: If you have any information for an CNET BACKDOOR Please write me a E-MAIL!
- >:
- >: I can my SYSTEM only Protect if i look the way!!
- >:
- >: Please write me! Thanks...
- >: PS: Sorry, for the bad english!
- >
-
- >First off, be careful using the word "Backdoor," because that implies that
- >the programmer purposefully put this method for gaining private passwords
- >into the system -- which is not the case.
-
- I've heard backdoor rumors for the last 7 years...I dunno about a "password"
- that will enter C-Net, but I've suspected there are little flaws that are
- overlooked that take systems down.. I know of an 'oversight' in pre-2.0 C-Net
- that will take the whole system down, some are still there. It's concieveable
- that you could view passwords with the oversights in the system. I still
- have a friend who's an EE major at U of M that swears up and down that C-Net
- has flaws engineered into the system purposly, though I don't see the
- authors of C-Net doing that since it can compromise the bottom line if
- discovered.
-
- >I'm not going to bother describing the method (bug) since I know people
- >of more malicious attitudes will repeat it on their local CNet systems, but,
- >any system that has been "attacked" by a hacker MUST delete their BBS.udata
- >files since the hacker has most-likely attained every user's password and
- >you will never get rid of the *sshole.
-
- Humm....Sounds like a real solution.
-
- >PLEASE! This is not a backdoor. It's a bug in the system that someone has
- >uncovered and is taking advantage of. There should be a fix up on the
- >support board (Future World) immediately! If you haven't had a hack attempt
- >yet, do not delete your BBS.udata ... if someone has gotten ahold of one
- >password, he probably has 'em all, so restart your userlog.
- >
-
- Are you saying this flaw is known about by the authors of C-Net where there
- is an immediate fix ready for immediate release? Is there a fix for people
- who didn't pay for an upgrade to 2.0 C-Net?
-
- >p.s. I'm in no way connected to Perspective Software, the hacker, or
- >Barbara Bush. Thank you.
-
- Me neiher...
-