Path: utzoo!utgpu!watmath!clyde!att!cuuxb!dlm From: dlm@cuuxb.ATT.COM (Dennis L. Mumaugh) Newsgroups: news.sysadmin Subject: Re: Security checkup Summary: subtle ways are also good. Message-ID: <2188@cuuxb.ATT.COM> Date: 11 Nov 88 20:03:16 GMT References: <167@carpet.WLK.COM <1454@lznv.ATT.COM <1834@ddsw1.MCS.COM <1325@nmtsun.nmt.edu <1146@unisec.usi.com <933@stiatl.UUCP <170@carpet.WLK.COM <363@mccc.UUCP <1386@nmtsun.nmt.edu Reply-To: dlm@cuuxb.UUCP (Dennis L. Mumaugh) Distribution: na Organization: ATT Data Systems Group, Lisle, Ill. Lines: 69 In article <1386@nmtsun.nmt.edu> todd@nmtsun.nmt.edu (Todd/Dr. Nethack) writes: # > ...I was also able to anger the ...security people with an # > attache case filled with bricks. I went by that big # > pretty window that showed off the mainframe and threw in # > the case with # On an un-named campus in California, I kept trying to # convince the sysadmins to move or barricade a window (behind # which sits a Vax 11-785 and the admin. IBM) # They did not think it was any big deal.. also when they # challenged me saying no one could break the security on the # IBM, (since its so tight, DOD uses the same stuff.. etc) # I told them, the easiest thing to do would be to tap the # dialups (yes there are dialups on there grading/bookeeping # mainframe) and wait for the Operator, we'll call him "Joe" to # log in from his pc at home.. which he does all the time. # Needless to say, they just insisted that nobody else would be # smart enough to do such a thing.. (instead of locking or # moving the MC-10 outside the building). # They recently decided to network their Unix lab, to the Vax, # and the Vax is already hooked (via a "secure" link) to the # IBM.. and the Unix lab security? Call it nearly equal to # /dev/null. # My favorite idea was to make a tesla coil and walk up to the # window and zap the brains out of the Vax.. alternately and # cheaper.. is the "hit and run" # Arson, or a firearm of somekind would turn that nice machine # into so much sheet metal.. # You were lucky that they still liked you after that "bomb" # trick.. I had people convinced all I wanted to do was break # into the computers, instead of provided viable answers to # possible future problems.. # There is one person there that still listens to me.. (we'll # call him "Ed") Ed is still in contact with me on how to # fix/secure various things.. Too bad his operators are power # hungry paranoid facists!! # Anyway.. back to work. My friend was more subtle: he left a brick on the person's desk with a paper wrapping saying "This could have been a bomb". The desk was in a very secure area. {My friend was with Army Intelligence and the place was a contractor's facility}. Someone else was asked to penertrate an installation one time and evehtually told his boss he had. He turned over copies of the master tapes for the computer center. At Rocketdyne my secretary got locked out of her safes. Someone exchanged the pad locks while they were open. Of course the person was an attractive male who flirted with her. But even so .... Sometimes concrete proof is the only way to convince people. 'Nuff said. -- =Dennis L. Mumaugh Lisle, IL ...!{att,lll-crg}!cuuxb!dlm OR cuuxb!dlm@arpa.att.com