-----Original Message----- From: Pink Hat [mailto:[EMAIL PROTECTED] Sent: Wednesday, 4 October 2006 2:45 AM To: Tonnerre Lombard Cc: [email protected] Subject: Re: [Full-disclosure] Removing the NIC cable = EoP?
> Wrong. > It is about getting local admin rights in this case as the so called attack scenario requires it. > List -- this is so easy to disprove yet we have all kinds of so called security professonals and in this case a (wow, I am almost pissing > myself) BSD Kernel hacker, stating that they feel its a possible attack. > Go grab VMWare and various windows versions from your favorite warez site and spend the time to actually try things and understand how > the technology works before you comment. > The bottom line is that what was posted on that site about "hacking high school computers" is false. I have been reading this thread on FD because there was something nagging at my memory and I was hoping one of you might prod it to life. Unfortunately you didn't but apparently the "My Documents" in my head defragged itself and spit out the old answer. This idea is a fake and I believe I know from whence it may have come. Back in the 80s when having Internet to a home was about as cheap as buying a 747SP (not 747B, you couldn't afford that one with an Internet yearly payment), there used to exist the old BBS scene. That is, Bulletin Boards that you rang directly to using your 2400BPS modem (or even earlier for those of you who remember the old 300/300 days). Some BBSs used to be correctly written and upon loss of carrier would cancel the session and reset to the start of the program, awaiting a new call. Some would not. Some would sit there and time out before resetting while some would just sit there endlessly. The result of the latter 2 was that someone ringing in after the person who just cut the carrier would end up logged on under that person's access and do whatever that person was capable of doing on that BBS. This sounds like what this whole discussion has been based upon though updated to today's standards. There was a case in the early 90s where you could pull the networking cable out and put it into another computer and assume the network rights of the computer that had it before. Heck, there were some of us who used to do that to check that whatever the whinger was having a whinge about was right or not. The point is, those days of "I am not hacking, I am helping" in the case of the network cable or "Shit! Look at what this idiot has done!" in the case of the modem dropper has not existed, to my meagre knowledge, in a very long time. I do know the early days of the 90s in some ISPs when they were learning their craft of security, you might actually logon and find yourself with someone else's accounts, too. Happened quite accidentally to me once. Rang in on dial up and found I was logged on as someone I didn't know before I could do a thing. THOSE problems are long gone as well. So, I believe that unless there is something I am sadly missing - and let's be honest here, I admit I could be missing something - this seems all to be a load of bullshit. I honest-to-God(Allah, Buddha, whomever) don't really know of any program for communication purposes in serious use these days that is so damned stupid unless it is at least 15 years old. Therefore - PLEASE, someone correct me, point out the error of my ways by either providing the relevant info directly or the link if you are bone lazy like me - or in the absence of such proof, may we now decide this is a load of "politician truth" (that being the same stuff you get from the arse end of a bull)?????? Thank you, Signed - Don't-know-nuffin. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
