From szielins@us.oracle.com Sun Aug 13 23:20:19 1995
From: szielins@us.oracle.com (Stephan Zielinski)
Subject: Re: bad user. no password
Newsgroups: alt.sysadmin.recovery
Date: 29 Jul 1995 00:06:59 GMT
Organization: Oracle Corporation. Redwood Shores, CA
Reply-To: szielins@us.oracle.com
Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!newsfeed.internetmci.com!news.dacom.co.kr!news.netins.net!solaris.cc.vt.edu!news.bluesky.net!gatech!news.sprintlink.net!uunet!in2.uu.net!news1.digital.com!nntp-hub2.barrnet.net!nntp-hub.barrnet.net!inet-nntp-gw-1.us.oracle.com!decay.us.oracle.com!szielins
Lines: 206
Message-ID: <3vbu33$g0d@inet-nntp-gw-1.us.oracle.com>
References: <3v580g$er@susscsc1.rdg.ac.uk>
NNTP-Posting-Host: decay.us.oracle.com
X-Newsreader: TIN [version 1.2 PL2]

Jonathan. H. N. Chin (shrchin@reading.ac.uk) wrote:
> I first came across Alec Muffett's crack programme in about 1991 or 92.
. . .
> They now run the programme periodically there and I believe that users
> are automatically informed if their passwords are guessed.

I know that this is alt.sysadmin.recovery, so seriousness is out.
I'll attach a very amusing piece at the end to try to make it up to
y'all.

Running Crack on your users' passwords, although wildly entertaining,
is kinda dirty pool.  If you just want to know your users' passwords,
hack /bin/passwd.  If you want your users to pick nonguessable
passwords, hack /bin/passwd...

Of course, if you have an existing userbase, Crack may be a good idea.
But even then, I'd be more inclined to hack /bin/passwd to disallow
easy passwords and then change everybody's passwords to unguessable
gibberish.  (And remember: if you use code to randomly generate
passwords, seed it with a few thousand bits of information from a
table of random numbers.  Real random numbers, the kind you get in
books.)

-------------------------------------------------------------------------
I (Stephan) didn't write the following piece.  I wish I knew who did.


Date: Fri, 25 Mar 1994 02:29:28 UTC
Message-ID: <023309Z25031994@anon.penet.fi>
Newsgroups: rec.humor
From: an46153@anon.penet.fi (Featherlace)
Subject: Just another day....

This kind of thing would never happen here, and I can't imagine it
happening anywhere, but this came to me in a dream and I just had to post
it.  I'm posting anonymously to test out the anon remailer, not out of any
sense of fear or embarrassment at all, since my users are so totally unlike
this.
 
                                           Jim McCarthy, lead sysadmin, arrives
                                           at work ready for anything.  Maybe
                                           today won't be as bad as yesterday.
                                           Any phone messages?  Hope not...
                                           <BEEP BEEP...BEEP BEEP BEEP...BEEP>
 
YOU HAVE <click> TWENTY SEVEN <click>      ARGH!  Motherfffffff.....
MESSAGES.  PRESS ONE TO                    <BEEP>
 
FIRST MESSAGE.  "Hi... um.... this is
um.... George.  I...  um  can't get to     Last name, George, tell me your....
my server.  Um... can you help?  This is   Server's name, George, what's....
very important.  Um, please fix this as    Tell me your phone number, George.
soon as you can."  END OF FIRST MESSA      Phone num-  Son of a b*  <BEEP>
 
SECOND MESSAGE.  "Jim, this is Cameron
G.  I just connected a few systems to      Oh no....  If he's touched -
the building backbone, could you assign    What?  Where did you get access to -
me IP addresses 200 through 205 for       
them?  I tried pinging those addresses     Cretin, those are reserved -
and nothing was there, so they're          Oh, wow, he must have found the hub
available, I've got my systems on those    in the 1st floor lab and tapped -
addresses now.  And one of the systems     NO!  Where are they?
will be a router to a couple of local
nets, could you assign me some subnet
numbers too?  I figure I'll need two       You SOB, what are you planning!?
subnet numbers, no, make that three.       I'm gonna have a chat with your
Thank you."  END OF SEC-                   boss....  <BEEP>
 
THIRD MESSAGE.  "Hi, this is Madeline
in Mister Smith's office.  We have
some very important customers coming in
for a demo in the old cafeteria, so I
guess we need network hookups for about    What!  There's no network hookup in
a dozen systems, I'm not sure exactly,     the old caf-  Damn.  I can run a
and I guess wires and stuff, whatever      fiber over the weekend....  I need a
they need to be on the network and talk    hub, two fiber transceivers, um,
to our servers on the third floor and      about fifty feet of....
to the customers' servers in Ohio, cause   What?  Ohio?  The security firewall
they want to see a demo with live data.    won't let....  I can write a proxy -
The demo starts at 1:00, so please make    Eh?  What day, Madeline?
sure everything works by then.  It'll  
be over by 5:00 PM because the customers   What day?
fly home tonight.  Please let me know      NO!  NOT TODAY!  I CAN'T GET -
when this is working so I can tell the     YOU PROMISED ME A WEEK'S WARNING!
president.  Thank you."  END OF THIR-      YOU SLUT!  <BEEP>
 
FOURTH MESSAGE.  "Yiya Mac, this is        Don't call me Mac.
Paul.  My brother has been telling his     Uh oh, payroll.
third grade class, he teaches social
studies, about this Information Freeway    Heh heh heh.
thing and they're all gung-ho about it
but, Mac, you know how schools can't get   Don't call me Mac!
any money these days, so, Mac, I told my
brother that we could let them use the     Uh oh.
systems here, right?  No big deal.  If     Oh, no you don't.
you could set up a shared account for
his class, Mac, make the password          Don't hyperventilate, don't hyperv-
'password', I'll give them the 800   
number to dial in.  Hey thanks a lot,      Later.  Can't call payroll person
Mac."  END OF F                            raving imbecile.  Call later. <BEEP>
 
FIFTH MESSAGE.  "Hello, this is...
*ahem* John....  Roberts?  I work for
one of your customers?  And I like just    Who the heck is this
found a big security hole in one of your
company's programs?  Could you send me a
list of the security holes that you        Heh heh
already know about so I can tell you if
it's already in there?  And if it's not    Haaaaaahahahahaha  
then I'll, you know, give you more of a
description?  Mail the list to             HAAHAHAHAHAHAHA!
bin@cs.umx.edu, that's an account I'm      HAHAHA<choke> Brian will freak....
borrowing because, like, the systems at
work aren't configured all the way yet?    Haaaaaahahahaha  stop! stop!
Thanks....  Good bye...."  END O           <BEEP BEEP BEEP ... BEEP>
MESSAGE SAVED.  PRESS ONE T                <BEEP>
 
SIXTH MESSAGE.  "Hello, uh, this is
Bert.  I tried sending a message to the
Internet and it came back with, uh, an     You're not going to tell me the
error.  Can you tell me how I can get      address, or the error message, are
this through?  Uh, thanks.  The error      you, Bert.
was 'something unknown'.  Or 'unknown
something', I forget.  I deleted the,      $ mail bert < /dev/clue
uh, message.  Anyway, please let me know
what I should do."  END OF S-              Yeah, I'll do that.  <BEEP>
 
SEVENTH MESSAGE.  "Howdy, Mr McCarthy,
this is Dave in Southwest regional
support.  One of our customers, a big
military site, has been having trouble
sending e-mail to us.  They say they       Milnet.  Not milnet.
need a list of all our system names and    
IP addresses for their hosts file.  I      What?  For their *what*?
couldn't find that list anywhere, but
the customer says we must have one
somewhere because our mail wouldn't work   What?  I deleted that file, years-
without it.  Can y'all send me a copy of
the list, or tell me who I should
contact to get it?  Thank you."            Oh lord.  <BEEP>
 
EIGHTH MESSAGE.  "Jim, this is Cameron
G. again.  We upgraded our Wellfleet       You bastard, if you've -
router and for some reason we started
having problems with some of our TCP/IP    You reversed the interfaces again,
clients.  I figured it was a nameserver    Cameron, you jerk.  You did the
thing at first, so I replaced the          same thing the last time -
resolver file on all the clients with a
hosts file, but that didn't help so I      NO!
figured it was a netmask problem so I
changed the netmask on all the clients
to the default 16 bits, but that didn't    NO!  DAMN YOU!  I'LL BREAK YOUR
help so I figured it was a wiring          FINGERS!
problem so I ran a piece of thinnet
from our net into the lab net, but that    YOU ANENCEPHALIC SLIME!  I'LL KILL
didn't help either.  I'm going on          YOU!  I'LL KILL YOU!
vacation for two weeks and I'm about to
leave, so could you contact Darryl and
help him get it straightened out?  He's    ARGGGGGGGGHH!
out today but will be in tomorrow.
Thanks."  END O*F EIG*TH M*                <BE*  B*  Hold still!  BEEP>
 
NINTH MESSAGE.  "Hi, this is Terry.  Can
you tell me how I can have two mailboxes
on my account with different mail          Eh?  I'll give her a second accoun-
addresses?  I'm letting my boyfriend use
my account so he can read news and stuff   Oh, no.
on USENET.  But it's a problem because     No.  He can use a public access
he doesn't want me reading his mail so
when something comes in I have to call
him so he can tell me if it's mine so I    What in hell?
can read it.  He's not allowed to get an
account on a public site 'cause of some
kind of probation thing.  Thanks!"  END    *gasp*  AIIIEEEE!  <BEEP>
 
TENTH MESSAGE.  "Jim, this is Bernard in
finance.  I've got this purchase order
in front of me, for twelve thousand        What!?  I sent that in two months-
dollars for this connection to Inter Net
for a year.  This kind of money is a
problem right now, so could we look at    
doing without this temporarily, or         Doing *WITHOUT*?  This is a software
getting another vendor for this, who       company, what kind of reputation -
doesn't cost so much?  My brother-in-law   Doesn't cost - ???
says he connects to Inter Net for just
twelve dollars a month, and gets all 
kinds of shopping services besides, and    That's PRODIGY!
he says you can even get to Inter Net
over cable TV now.  Could you write up
an evaluation of all our options,
cost-wise, and get back to me with it?     What!  I haven't got time to write-
I'll hold off on the PO until I hear       No!  They'll cut us off again!
from you."  END OF TE*** ***               <BEEEEEEEEEE>CRASH  Damn phone!
PRESS ONE T                                <BEEP>
YOU HAVE <click> SEVENTEEN <click>
MESSAGES REMAINING.  PRESS                 <SLAM!>
 
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.


-- 
Stephan Zielinski

