[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference noted::hackers_v1

Title:-={ H A C K E R S }=-
Notice:Write locked - see NOTED::HACKERS
Moderator:DIEHRD::MORRIS
Created:Thu Feb 20 1986
Last Modified:Mon Aug 03 1992
Last Successful Update:Fri Jun 06 1997
Number of topics:680
Total number of notes:5456

62.0. "Have You An Amusing Anecdote?" by VAXUUM::DYER () Thu Sep 27 1984 14:45

	What follows is something I came across on the Usenet last March.
		Enjoy!
		<_Jym_>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The 'Microlive' program on BBC decided it would be a good thing to
show viewers the wonders of British Telecom's 'Gold System' (electronic
mail.  An advertising blurb says that security is "absolutely no
problem".  No one can read your confidential messages.

Under the scrutiny of millions of viewers, Ian McNaught Davis, the
presenter, punched in his own secret password to read his private
mail.  Great system said British Telecom...secure...wonders of 20th
century technology.  Viewers waited with eager anticipation....then...

The screens of millions of viewers lit up with the words:

	"I hope your television program runs as smoothly as my
	program worked out your passwords.  Nothing is secure.
	Signed The Nutcracker (Hackers UK)"

followed by:

	"Put another password in,
	Bomb it out and try again
	Try to get password logging in
	We're hacking, hacking, hacking, hacking

	Try his wife's maiden name
	This is more than just a game
	It's real fun, but just the same
	We're hacking, hacking, hacking

Davis managed to keep his cool and later said that, "Some bright spark
somehow got into the system and came up with the jingle.  It came as a
bit of a surprise.  It seems that someone has discovered a loophole".

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
T.RTitleUserPersonal
Name		DateLines
62.1ROYCE::KENNEDYMon Oct 22 1984 11:5621
There is a footnote to the preceding anecdote.

This year, there was another BBC Microlive program with Ian McNaught-Davis
and the British Telecom Gold message service.

After the happenings last year, BT were very careful with the account locked
and the password set at the last moment by a senior member of BT staff.

This very senior person then walked into the studio and across to 'Mac' and
whispered the new password into his ear just before the program. This very 
senior person did not know about tie-clip microphones.

The audience who were waiting in one of the conference rooms heard this over
the studio monitors. At least one disreputable type had brought both a
portable computer and an acoustic-coupler with him.

However, BT's security was preserved. The BBC are very strict over outside
lines to prevent personal calls and the hacker could not find a phone
without leaving the studios.

Hugh.
62.2LATOUR::AMARTINSat Oct 27 1984 11:4014
(This relates to this note's title, not .0 and .1).

A friend of mine called me up a few days ago and asked me to dial a certain
number on my phone that has the modem connected to it.  It seems he has added
a modem to his Heathkit Z100(?) and wrote some code to ask for account names
and passwords.  This is so he can hack on his micro during the slow hours while
he is at work.  He needed someone to log in to the system to check it out,
since he didn't have an extra modem and terminal at home.

I logged in, and noticed a file called ACCT.TXT, so I typed it out.  You
guessed it, it was the password file!  If I ever find out how the editor works
on the system, I am going to create an account for my wife, and chop the
accounting entry for my login out of the accounting file.
				/AHM
62.3NY1MM::KURZMANFri Nov 30 1984 03:0126
There is currently a 'widely known' stock service that is currently advertising 
a system that lets you use your touch-tone phone to get stock quotes. They 
charge .50 per minute for connect time.

Although the article that described the system (and tells you how to use
it) lists the telephone numbers for using the system, it also lists a telephone
number for getting a demo.  When you call the demo number, a person tells
you about the service, and asks if she can give you a free demonstration.

You actually hear the entire session, from the moment it asks for her
'secret code', through the time she gets the stock quote of your request.

I even mentioned to her that 'Gee, wasn't it a shame that I don't have a 
tape-recorder, but I guess your secret code changes quite frequently', only 
to be told that 'no, we always use this one'.

Well, anyway, this is an anecdote that is still in the making I guess....
It only goes to show, that no matter how much some people pay attention 
to security, there will always be new holes as technology moves in new
directions.

[I deliberately do not mention which service, or reveal any 'secrets' beyond
common sense, so we are far from a Tcimpidis situation; just reporting a
story, just like the NY Times had a front page article listing which foreign
coins people were using to get $.90 subway rides for about $.02.]
62.4NY1MM::KURZMANFri Nov 30 1984 03:0914
I should also mention that not all 'holes' are accidents.
Perhaps, until their system becomes loaded, they deliberately let clever
people use the system for free. This way, the people become accustomed
to using the system, and get 'hooked'.  When the system utilization of
paying customers starts getting higher, or when response-time or
access-lines hit undesirable levels, they can turn off the 'stolen'
codes, and hopefully get a number of 'hooked' customers to sign up.
(these people might not have ever tried the system again if they thought
they would always have to pay).

Leaving holes can always be done deliberately.
You always have to wonder when you get something for nothing.....