<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >>
Date   : Tue, 01 Nov 2011 20:18:23 +0100
From   : rick@... (Rick Murray)
Subject: Request for Help - Security Research Project

On 01/11/2011 18:35, Martyn Ruks wrote:

> today's knowledge of vulnerabilities and exploitation techniques. At
> school in the early 90s I came into contact with what I now realise
> must have been an econet environment with a room full of BBC
[...]
> exploitation to the old technology.

Back at school we tried all sorts of stupid tricks until the penny 
dropped that the data transfers were not in any way encrypted. Following 
that, we had a "it never works right" station that was just generally 
left alone. It was actually running a snoop program that scanned network 
data looking for SYST logins, to report the password given. Written by 
somebody way smarter than me. This password would then be written to a 
local floppy for somebody to pick up on later.

While it worked in principle, the FileStore was also fairly weak if you 
had physical access to it. There was a command to set the FileStore 
special user ( *FSUser ) but this was fairly easy to work around if you 
just observed the teacher logging in to format a floppy - *I AM GOD (I 
kid you not!) on the screen. The previous teacher left it at the default 
"SYST".

Pinch of salt - it's like a quarter century old memory!


Best wishes,

Rick.

-- 
Rick Murray, eeePC901 & ADSL WiFI'd into it, all ETLAs!
BBC B: DNFS, 2 x 5.25" floppies, EPROM prog, Acorn TTX
E01S FileStore, A3000/A5000/RiscPC/various PCs/blahblah...
<< Previous Message Main Index Next Message >>
<< Previous Message in Thread This Month Next Message in Thread >>