SCI|TECH
The Battalion • Page 8A • Thursday, January 23, 20

Grass-roots trespassing
Low-tech hackers bypass security, get to the source

CHRIS JACKSON

Texas A&M is doing everything it can to protect its computer network from hackers sneaking in the back door. Sophisticated firewalls protect the network from outside attacks, and virtual private networks allow students secure access to their information off campus and from wireless locations on campus. The front door to the system at A&M and other systems, however, is being left wide open.

On Jan. 9, 2003, malicious Saudi Arabian hackers exploited five poor passwords on the University phone system and then made international collect calls at the University’s expense. The default passwords for at least five voice mail accounts had not been changed. Those default passwords were made up of the same numbers included in the telephone number.

Low-tech trespassers sometimes exploit a few weak passwords such as these among many strong ones to gain access to vital information or simply for the fun of it. Business Week reported that an associate dean at Princeton University was fired for accessing a Yale admissions site using student passwords that he guessed. Darielle Insler admitted to guessing one of her teacher’s passwords when gaining access to her grades at the University of Delaware, The New York Times reported. The Saudi Arabians who hacked A&M’s phone system correctly assumed that default passwords that included parts of the accounts’ phone numbers had not been changed.

Yet weak passwords are not always the cause of low-tech security breaches. Sometimes, a trespasser can gain access to a restricted system by simply asking a user for a password. The industry phrase is “social engineering,” and it is the technique of acquiring a critical password or other information by merely asking for it.
The New York Times reported that Darielle Insler called the personnel department at the University of Delaware posing as one of her teachers and was given the password needed to change her grades. She was failing math, science and English until she asked for — and received — the access to restricted information.

Hacker-turned-consultant Kevin Mitnick discussed social engineering with the San Francisco Chronicle in late October 2002. He described how these low-tech hackers might pose as a technician trying to fix a problem.

“(Potential hackers) will call or e-mail an unsuspecting person and tell them that there is a problem with their network and then try to troubleshoot that nonexistent problem,” Mitnick said. “When the problem is solved, the attacker asks, ‘While I have you on the phone, can I ask a favor?’”

Social engineers make it seem all right to give out restricted information because the engineer poses as someone who could get that sort of information through legitimate channels if he wished. At first, this approach seems simple enough to protect against; employees and other users should keep their information private. The skilled social engineer, however, is able to break through the common sense barrier to get what he wants — whatever it may be.

Mitnick said he called a Motorola 800 number as he walked home from work one day, and by the end of the 20-minute walk, he had the source code for his Motorola cellular phone. With that code, he could have dismantled his phone’s software and found vulnerabilities to exploit in other Motorola phones. Mitnick did not comment on what he did with the knowledge, but said, “You have to think about how much money and high-tech security Motorola had used to protect that code,” highlighting the fact that he had in 20 minutes what Motorola had probably spent millions of dollars to protect.
The most expensive and powerful security available would not have been able to protect Motorola’s source code in Mitnick’s case, because the security was not broken — it was bypassed altogether.

The good news is that social engineering does not need to be a problem in businesses and organizations. The solution lies simply in the education of users on the importance of password security. Users should know and understand that network administrators and other people who actually need computer access codes will be able to get them through means other than average end-users.

Large-scale computer networks have working security measures to detect and correct intrusions after the fact, but the burden of preventing these breaches falls into the hands of the users themselves. Yale’s associate dean was discovered in his trespassing, Insler’s grade-changing scheme was found out at the University of Delaware and the Saudis’ free phone service was promptly cut off by A&M. These universities experienced problems which can be caused by weak passwords, unwitting divulgence of passwords, and poorly maintained systems that employ basic or default passwords. Without user education and cooperation, organizations will continue to spend money barricading the back door while intruders walk right in the front.

Security Tips
• Never give out your password
• Report suspicious requests for your passwords
• Don’t use names, places or dictionary words as a password
• Always change default passwords
• Use numbers, uppercase and lowercase letters
Travis Swenson • THE BATTALION

Debate over Hawaiian volcanoes continues

By B.J. Reyes
THE ASSOCIATED PRESS

Geologists say an outpouring of lava from the Kilauea volcano that began last May may have stemmed from activity beneath neighboring Mauna Loa, reviving a decades-old debate about whether the two volcanic systems are connected.

“We have detected a correlation between these events at a very short time scale,” scientists reported in the current issue of the journal Nature.

The scientists have long believed that Mauna Loa, the world’s largest volcano, and Kilauea are connected deep beneath the Earth's surface. But the new study suggests there is a shallow interaction between the magma systems of Mauna Loa and Kilauea, reported Peter Cervelli and Asta Miklius of the U.S. Geological Survey’s Hawaiian Volcanoes Observatory at Kilauea.

“I think it’s real,” said Paul Segall, a geophysicist at Stanford University. “We know there’s ultimately a single source.
This indicates that they’re probably a little more complicated than that and there are interactions between their two systems.”

Mauna Loa has erupted 33 times in the past 150 years, most recently in Spring 1984, when a three-week eruption sent a 16-mile lava flow toward Hilo.

The current Pu'u ‘O'o-Kupaianaha eruption at Kilauea began 20 years ago and ranks as the most voluminous outpouring of lava on the volcano’s east rift zone in the past six centuries.

Last Mother’s Day, lava began flowing from a new vent on the west side of Kilauea.

At about the same time, Mauna Loa began inflating with the summit area rising slightly and the caldera widening to suggest swelling of the magma reservoir within the volcano, researchers said.

“The Mother’s Day flow was nothing spectacular or unusual on Kilauea, except that it had been preceded by several months of inflation,” Cervelli said. “If it’s not coincidence, this is kind of the first line of geophysical evidence that shows the two volcanoes are communicating.”

Tests, simulations and other monitoring determined that the possibility of a coincidence was less than one in 10, Cervelli said.

Researchers said there are two possible explanations for the apparent connection between the volcanoes.

“One way of thinking about it is ... Mauna Loa began to inflate and on May 12 squeezed its neighbor Kilauea, which pushed it over the edge and that caused the Mother’s Day event,” he said.

“My favorite hypothesis is that a slug of magma entered into Mauna Loa and actually, as it was passing by Kilauea, squeezed Kilauea and triggered this failure — it sprung a leak, in effect, and the Mother’s Day event ensued.”

It’s hard to tell whether similar events have occurred before because equipment being used today — including continuous monitoring and global positioning devices — is far better than anything used in the past, Cervelli said.