totse.com | CERT Advisory 12/10/90


	About


	Community


	Bad Ideas


	Drugs


	Ego


	Erotica


	Fringe


	Society

	Hack
		Hacker Zines
			CERT
			CHAL
			CHAOS
			CIAC
			CPD
			CPSR
			CRH
			CWD
			CuD
			CuD/A
			EFF
			LOL
			MOD
			Miscellaneous Phreak and Hacker Zines
			NIA
			RISKS
			UXU


	register \| bbs \| search \| rss \| faq \| about
	meet up \| add to del.icio.us \| digg it
	CERT Advisory 12/10/90 NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site. Article 30 of comp.security.announce: Path: usenet.ins.cwru.edu!tut.cis.ohio-state.edu!ucbvax!CERT.SEI.CMU.EDU!cert-advisory-request From: [email protected] Newsgroups: comp.security.announce Subject: CERT Advisory - Security probes from Italy Message-ID: <[email protected]> Date: 10 Dec 90 21:59:12 GMT Sender: [email protected] Distribution: inet Organization: The Computer Emergency Response Team Lines: 66 Approved: [email protected] CA-90:11 CERT Advisory December 10, 1990 Security probes from Italy ------------------------------------------------------------------------------- Many sites on the Internet received messages from "[email protected]" (131.175.10.64) on Sunday, December 9. The messages stated that "miners" is a group of researchers and students in the computer science department at the state university of Milano in Italy; a group testing for a "common bug" in network hosts. In addition to the messages, a number of sites detected probes from the unimi.it domain. Later today, a number of individuals received a follow up message from "[email protected]" explaining the activities. We have received reports that this activity has now stopped, and an unofficial explanation has been provided by several administrators at the University of Milano. The rest of this message describes the sequence of events and the security holes that were probed. Following the original messages from miners@ghost and postmaster@ghost, another message was sent on the afternoon of December 10th from several administrators at the University of Milano. They stated that the authorities at the University had been informed and that the attempts had stopped. They also noted that they had not been informed of the tests in advance. The administrators at the University of Milano have sent us a copy of the scripts that were used to probe the Internet sites. These scripts checked for the existence of the sendmail WIZ and DEBUG commands, and attempted to get /etc/motd and/or /etc/passwd via TFTP and by exploiting an old vulnerability in anonymous FTP. The scripts also attempted to rsh to a site and try to cat /etc/passwd. Finally, the scripts mailed to root at each site they tested with the message from "[email protected]". The administrators at the University of Milano state that the group that did this was doing this to discover which (if any) sites might have had these security flaws, and then to let the sites know about these vulnerabilities. They have stated that they still intend to inform sites that have these vulnerabilities. To our knowledge, no site was actually broken into (as of December 10, 1990). Nonetheless, the CERT does not condone this type of activity. Most of the information in this advisory is based on information given to us via e-mail from individuals at the University of Milano. We have not yet been able to check this information with any officials at the University; if we learn of any other significant information, we will update this advisory. ------------------------------------------------------------------------------ Computer Emergency Response Team (CERT) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Internet E-mail: [email protected] Telephone: 412-268-7090 24-hour hotline: CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies during other hours. Past advisories and other information are available for anonymous ftp from cert.sei.cmu.edu (128.237.253.5).
	To the best of our knowledge, the text on this page may be freely reproduced and distributed. If you have any questions about this, please check out our Copyright Policy. totse.com certificate signatures
	About \| Advertise \| Bad Ideas \| Community \| Contact Us \| Copyright Policy \| Drugs \| Ego \| Erotica FAQ \| Fringe \| Link to totse.com \| Search \| Society \| Submissions \| Technology

	Reading childrens books weird?
	What are you currently reading?
	How often do you read?
	Would you let your novel become a movie?
	Penguin and Barnes and Noble, fleecing customer?
	Chuck Palahniuk
	What does reading mean for you?
	Book Recommendation


	Sponsored Links Ads presented by the AdBrite Ad Network

TSHIRT HELL T-SHIRTS

www.pigdog.org