[30mUNDERGROUND

[37m[7C     [0m [1;30m   [0m  [1m  [8C
  [7C     [0m  [1;30m   [0m  [1m    [7C  
  [30m[5C[37m    [0m    [1;30m  [0m     [1m     [9C
   [9C     [0m [1;30m    [0m  [1m   [8C  
       [30m[5C[37m[5C[7C[0m      [1;30m[6C[0m   [23C[1m   
    [32m˿   ˿ ˿ ˿    ˿ ˿ ˿ ˿ Ŀ
         ɼ      δ     δ    ˴
     ͼ                   
[37C[37mBY
[33C[30m[37m[30m
[26C[37m

With the positive response I received from my last article, I've decided to
continue the series in this issue of SYNCHRONETICS E-ZINE. Last article,
I discussed the most primitive form of hacking, guessing user account
passwords, otherwise known as the Brute-Force method. This would probably be
the most common form of hacking encountered on most systems. This issue, I'd
like to focus on some of the more esoteric, and more effective, forms of
hacking that you may encounter in your career as a SysOp.

Before I get started I would like to take a moment to reiterate the fact that
most hackers are just curious people who relish the kind of challenge that
system intrusion offers. We don't intend to harm the system or destroy system
data and resources. There is, however, a small minority of hackers who hack,
not for the challenge or the knowledge gained, but with a darker purpose in
mind. It is these immature, bed-wetting lamers that I endeavour to thwart.

The art of hacking is the art of understanding human nature and psychology.
And two seemingly universal constants of human nature are 1) Laziness, and
2) Trust. First, we'll examine laziness. Hackers understand most people
will try to get away with as little work as possible to accomplish a task.
You can call it whatever you want: laziness, procrastination, working
"smart", unwillingness to RTFM (*editor's note: Read The Fudging Manual),
etc. I call it a window of opportunity not to be passed up. Many times,
when people set up complex systems, they will leave default passwords and
login accounts in place, either from a lack of foresight or from ignorance.
That makes it easy as pie for hackers to get a copy of that system's manual
and take advantage of that laziness. So it behooves you to READ the manual
and make certain that no "loose ends" such as those are available to make a
hacker's job easy (believe me, they'll thank you for it later).

Trust. Just saying it gives me the warm fuzzies. Everybody wants to be able
to trust his fellow man. It's just human nature. I mean, no one wants to be
thought of as a paranoid schizoid with a persecution complex, do they? So,
unless we have reason not to trust someone's intentions, we usually do.
Otherwise, we'd all sit in corner booths at restaurants with our backs to
the wall, right Yojimbo (*editor's note: Just because you're paranoid
doesn't mean someone's *not* out to get you)? Heheheheh... Long story. Well,
anyway, as I was saying, we like to trust people and in turn, like to be
trusted. But when you're a system administrator, you can't afford such
warm and fuzzy luxuries. Caution should be the word for the day. And just
to prove my contention about trust, what if I were to say that one of the
command shells Yojimbo created actually has a back door written into it
that will allow anyone to drop to DOS? How many of you looked at his .SRC
files before you set up the command shells on your system? Not too many. Just
as I suspected (*editor's note: There are NO back doors in any of my command
shells, HeadHunter was merely using that as a practical illustration). That's
what I'm talking about when I say trust (and I guess that's a good example
of laziness too!). Never take anything you put on your system at face value.

If users are the weakest link in your system security chain, I'd have to
say external programs (i.e. DOORS) run a very close second. You never
really know how secure an external program is unless it's one you've
written yourself (and even then there could be bugs). Many hackers are also
proficient programmers, and a common tactic of the more creative among us
is to write a program with a built-in backdoor to your system.

Of course, writing an entire external program may seem a little much, and
hackers being human, they are also bound by at least one of those universal
constants I was speaking of, laziness. So a common tactic is to write a
"patch" to an already existing program that either alters its original
code to create a back door, or just replaces the old executable with a new
one that has a back door already coded into it. That way, they can just
upload it to their favorite BBS (under a false name, of course) and see who
downloads it. And to lend credence to their bogus program, they'll usually
add in the usual .DOCs and legal disclosures that you might find in a real
program/archive/update from that particular company. Pretty sneaky.

So, you're probably wondering, how do you defend against that kind of
underhanded attack? Well, for one thing, a great number of programmers are
using PKZIP's authenticity verification option when they create archives to
be released to the general public. This allows them to basically add a
"signature" to the ZIP file that verifies that it came from that
programmer or company. Signatures can be forged, but it's not very easy.
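As an added illustration (not from the article, and not PKZIP's own scheme), here is why an archive "signature" has to be bound to the publisher and not merely to the archive contents: a checksum that ships alongside the file can be recomputed by whoever swaps the executable, while a tag made with a key only the publisher holds cannot. HMAC stands in for a real public-key signature because it is in the Python standard library; the key, file names and file contents are all constructed for the demo.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed demo key standing in for the publisher's private signing key.
PUBLISHER_KEY = b"constructed-demo-publisher-key"

def build_archive(members: dict) -> bytes:
    """Build a small ZIP in memory from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def manifest(archive: bytes) -> bytes:
    """Canonical list of member names and SHA-256 digests, sorted by name."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        rows = [f"{n} {hashlib.sha256(zf.read(n)).hexdigest()}" for n in sorted(zf.namelist())]
    return "\n".join(rows).encode()

def unkeyed_tag(archive: bytes) -> str:
    """Bare checksum over the manifest: anyone can recompute it after tampering."""
    return hashlib.sha256(manifest(archive)).hexdigest()

def keyed_tag(archive: bytes, key: bytes = PUBLISHER_KEY) -> str:
    """Tag only the key holder can produce (HMAC stands in for a public-key signature)."""
    return hmac.new(key, manifest(archive), "sha256").hexdigest()

def verify_unkeyed(archive: bytes, shipped_tag: str) -> bool:
    """Checksum-only check: compare against the tag that ships alongside the file."""
    return hmac.compare_digest(unkeyed_tag(archive), shipped_tag)

def verify_keyed(archive: bytes, shipped_tag: str, key: bytes = PUBLISHER_KEY) -> bool:
    """Check the tag with the publisher key the verifier already trusts out of band."""
    return hmac.compare_digest(keyed_tag(archive, key), shipped_tag)

# Genuine release (constructed) and the keyed tag the vendor publishes with it.
GENUINE = build_archive({"UPDATE.EXE": b"MZ genuine vendor code", "README.DOC": b"Update 1.1"})
GENUINE_KEYED_TAG = keyed_tag(GENUINE)

# Trojaned copy: same docs, swapped executable; the uploader recomputes the unkeyed tag.
TROJANED = build_archive({"UPDATE.EXE": b"MZ backdoored code", "README.DOC": b"Update 1.1"})
TROJANED_UNKEYED_TAG = unkeyed_tag(TROJANED)

if __name__ == "__main__":
    print("unkeyed check accepts trojan:", verify_unkeyed(TROJANED, TROJANED_UNKEYED_TAG))  # True
    print("keyed check accepts genuine:", verify_keyed(GENUINE, GENUINE_KEYED_TAG))  # True
    print("keyed check accepts trojan:", verify_keyed(TROJANED, GENUINE_KEYED_TAG))  # False
```

The point of the unkeyed case is that the downloader has nothing to compare against except what the uploader supplied, so the check cannot fail; the keyed case only works because the verifier obtained the publisher's key somewhere other than the archive itself.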

Another option is to only get program updates/patches directly from the
company, either through their BBS or by U.S. Snail. But this brings up
another tactic of hackers, the old "program update through the mail"
trick. Instead of, or in addition to, uploading their bogus file to a BBS,
the hacker may, if he is targeting a particular system, send a very
official-looking diskette containing an "official" program update, upgrade, or
patch. Now, this can get heavy since this could also constitute mail fraud,
which means most hackers will shy away from such tactics, but if they're
stupid, or don't care about the feds, then they just may try it.

Well, that's it for another edition of HACKER'S OVERHEARD. I hope I've
enlightened some of you. See you next time in THE DARK CONTINENT......


