Bugtraq mailing list archives
Re: Standard & Poors security nightmare
From: kadokev () MSG NET (Kevin Kadow)
Date: Thu, 25 May 2000 11:57:54 -0500
Just to clarify some questions, Comstock has provided various revisions of the MCSP machines from when I first started looking at a client machine in December. All had root holes. Richard Seaman, Jr. wrote:
The /etc/issue file is blank on the machine I looked at. The help accounts don't exist. The other login accounts exist, however, and all shared a common password that I gather is univeral for all MCSP machines. It also isn't very clever, though after 12 hours crack still couldn't recover it, but since everyone with an MCSP has it, its obviously not secure.
The shared common password is 'abcd1234'. I ran the password file through both John and Crack, one found the 'c0mst0ck' root password, the other support password.
Standard & Poors is simply out of their minds for producing a product like this *and* not responding when the issue was raised.I'd guess that the machine you looked at has a "burn date" prior to the one I looked at. If so, I'd say they responded somewhat half-heartedly to the issues that were previously raised, but perhaps have not tried to fix machines already in the field. If your machine is more recent, then I'd say they are very crazy, since they have regressed.
Comstock had every chance to get full details from me instead of waiting for Mr. Friedl to take the bold step of 'full disclosure' in a public forum. Every mail and fax I sent was clearly marked with my name, email, and phone number. I received exactly _ONE_ response, by email, from a confused admin who wondered how I got his name (from their Internic registration). I first contacted S&P, Comstock, and Mcgraw-Hill by email and fax on January 12, then after receiving no response, posted an outline of the problem to BugTraq on Feb 1st- this post was lost. I had access to a more recent MCSP in March, and posted again on March 24th. At that point I was _nearly_ frustrated enough to march into Comstock's downtown Chicago office with a printout of the exploit details and cracked passwords, in hopes of personally delivering them to the first corporate officer I could find. Kevin Kadow MSG.Net, Inc.
Current thread:
- "gdm" remote hole, (continued)
- "gdm" remote hole Chris Evans (May 21)
- Re: "gdm" remote hole Katherine M. Moussouris (May 22)
- fdmount buffer overflow Arend-Jan Wijtzes (May 22)
- Re: fdmount buffer overflow Greg Olszewski (May 22)
- About VNC Patrick Oonk (May 24)
- Re: fdmount buffer overflow Tomasz Grabowski (May 24)
- Re: fdmount buffer overflow Matt Wilson (May 24)
- Re: fdmount buffer overflow Greg Olszewski (May 22)
- Gauntlet Firewall Vulnerability Elias Levy (May 22)
- Re: Standard & Poors security nightmare Stephen J. Friedl (May 24)
- Re: Standard & Poors security nightmare Warren Young (May 23)
- Re: Standard & Poors security nightmare Kevin Kadow (May 25)
- "gdm" remote hole Chris Evans (May 21)