I thought I would write my own mixture of Internet urban legend and
fable by adding my own spin to the post included below by Mike Warfield, a
more prominent Atlantan than I, about what happens to people (well,
system admins) who send their vacation messages to anyone who writes them
(and listservs in particular). All of this is reiteration.

And the evil voice in me says: consider setting up a spam mailer to mail
root on every Internet-attached UNIX machine, just don't put the word
vacation anywhere in the spammed message. Make a reply-to address that
works on a machine that can't be traced to you and set up a perl script to
archive all responses with the word "vacation" in it. Attack every box
that generates this response for the full time that the administrator is
away if the intrusion is not noted and defended against. Be amazed by
how many boxes you come to own through this technique. Keep doing it to
every cherry administrator until my name is known by every UNIX admin that
ever lost a job over a security breach, ought to have lost a job over a
breach, or was lucky enough only to have to learn that failing to maintain
security on a machine will lead to lots of ugly clean-up time or loss of
an Internet connection. At that point, my handle will be the boogeyman.

If you believe the boogeyman doesn't exist, you shouldn't be a systems
admin. If you believe that boogeyman exists and have developed a
vocational anxiety toward him, you are a system admin. If you are already
a systems admin and are so much in fear that you feel paralyzed and
impotent, you're either wondering how hard it's going to be to change
professions or ought to be. If you are very paranoid because you have had
occasion to see his shadow and not just lived to see the light of day but
now make your money by gambling that he'll never eat more than a minor
appendage, you are a security admin. If you are sure he exists and make
claims that you will track him down and drive a stake through his heart,
you are a security consultant. If you're pretty sure that he exists and
are not nor ever have been a systems admin but tell this story a lot, you
are an employee in the marketing department of a firewall or security
services firm. If you've seen more than his shadow, decided to try to
wrestle him into submission, but declare that you're going to just walk
away and never have another such fight after he's surrendered, then you're
a white hat. If you want to be the boogeyman, then you're a script
kiddie who wants to be a black hat. And if you did this two years ago,
you are a black hat.

If you want to tell me that this story will create the boogeyman, you are
a gimp.

If you want to redistribute this message, you are free to do so but with
one condition: that the message excerpted below, which is in no way
copyrighted and which everyone is free to retransmit, must be retransmitted
with this message, with both messages appearing in full and literally as
they do in the message I first transmitted.

-Bayard G. Bell
(The Mad Hatter)
Emory University

---------- Forwarded message ----------
Date: Sat, 7 Aug 1999 12:55:42 -0400 (EDT)

Is it just me or does this seem to be a really BAD security problem?
[snip; various comments and header & opening lines from vacation list from
an admin to a large internet security list, with following signature line
expunged]

> Thanks for the mail. I'm on vacation until Monday, August 16, 1999.

Well thanks for letting a major security list (probably inhabited
by more than a few with less than your best interest in mind) know that you
are going to be away from your account for over a week.

Let's see now. We know what your account name is likely to be.
We know the system you expect mail to come into. We know the system
the mail appears to have originated on (and the Received-By headers give
us a clue as to what kind of system as well as its name and IP address).
Plus we know the next major mail server, which is likely to be your
outgoing mail hub. With a little digging, a real enterprising individual
might track down a real address to go with that name.

If you are lame enough to hit a mailing list and announce that your
account will be unmonitored and vulnerable for the next week, you are
probably lame enough to use some poor password, so it may even be possible
to brute force your account on one or more of those systems.

Tell you what... Next time you are on vacation, be sure to put the
fact on your answering system "my house will be vacant for the next week"
and maybe take out an ad in a few newsletters somewhere to insure really
good coverage for the fact that your accounts and premises are wide open
and unwatched...

Mike
--
Michael H. Warfield
(The Mad Wizard)