Bugtraq mailing list archives

Re: Standard & Poors security nightmare

From: kadokev () MSG NET (Kevin Kadow)
Date: Thu, 25 May 2000 11:57:54 -0500


Just to clarify some questions, Comstock has provided various revisions of
the MCSP machines from when I first started looking at a client machine in
December. All had root holes.

Richard Seaman, Jr. wrote:

The /etc/issue file is blank on the machine I looked at.  The help accounts
don't exist.  The other login accounts exist, however, and all shared a
common password that I gather is univeral for all MCSP machines.  It also
isn't very clever, though after 12 hours crack still couldn't recover it, but
since everyone with an MCSP has it, its obviously not secure.


The shared common password is 'abcd1234'. I ran the password file through both
John and Crack, one found the 'c0mst0ck' root password, the other support
password.

Standard & Poors is simply out of their minds for producing a product
like this *and* not responding when the issue was raised.


I'd guess that the machine you looked at has a "burn date" prior to the
one I looked at.  If so, I'd say they responded somewhat half-heartedly
to the issues that were previously raised, but perhaps have not tried
to fix machines already in the field.   If your machine is more recent,
then I'd say they are very crazy, since they have regressed.


Comstock had every chance to get full details from me instead of waiting
for Mr. Friedl to take the bold step of 'full disclosure' in a public forum.

Every mail and fax I sent was clearly marked with my name, email, and phone
number. I received exactly _ONE_ response, by email, from a confused
admin who wondered how I got his name (from their Internic registration).

I first contacted S&P, Comstock, and Mcgraw-Hill by email and fax on
January 12, then after receiving no response, posted an outline of the problem
to BugTraq on Feb 1st- this post was lost. I had access to a more recent MCSP
in March, and posted again on March 24th.

At that point I was _nearly_ frustrated enough to march into Comstock's
downtown Chicago office with a printout of the exploit details and
cracked passwords, in hopes of personally delivering them to the first
corporate officer I could find.

Kevin Kadow
MSG.Net, Inc.

Current thread:

"gdm" remote hole, (continued)
- "gdm" remote hole Chris Evans (May 21)
  - Re: "gdm" remote hole Katherine M. Moussouris (May 22)
- fdmount buffer overflow Arend-Jan Wijtzes (May 22)
  - Re: fdmount buffer overflow Greg Olszewski (May 22)
    - About VNC Patrick Oonk (May 24)
    - Re: fdmount buffer overflow Tomasz Grabowski (May 24)
  - Re: fdmount buffer overflow Matt Wilson (May 24)
- Gauntlet Firewall Vulnerability Elias Levy (May 22)
- Re: Standard & Poors security nightmare Stephen J. Friedl (May 24)
- Re: Standard & Poors security nightmare Warren Young (May 23)
- Re: Standard & Poors security nightmare Kevin Kadow (May 25)