Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
history:hack93 [2014/12/27 01:27] – [Synchronet/DSZ Hack of 1993] digital man | history:hack93 [2016/02/29 18:34] – [The Admission] Grammar deuce | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Synchronet/ | ====== Synchronet/ | ||
- | In August of 1992, I began to hear rumors that there was a known vulnerability in Synchronet and some Synchronet BBSes were suspected to have been " | + | In August of 1992, I began to hear rumors that there was a known vulnerability in Synchronet and some Synchronet BBSes were suspected to have been " |
===== The Vulnerability ===== | ===== The Vulnerability ===== | ||
- | A dubious and not-very-well documented feature of [[http:// | + | A dubious and not-very-well documented feature of [[http:// |
To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the '' | To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the '' | ||
Line 36: | Line 36: | ||
KD and I conducted some investigation into the attack and tried to determine who were the most likely culprits. Apparently some word of our investigation got out and motivated the attacker to send me an " | KD and I conducted some investigation into the attack and tried to determine who were the most likely culprits. Apparently some word of our investigation got out and motivated the attacker to send me an " | ||
+ | |||
+ | ===== The Disclosure ===== | ||
+ | |||
+ | On January 28, 1993, I posted this vulnerability disclosure to all Synchronet sysops (with a more detailed analysis/ | ||
+ | |||
+ | < | ||
+ | Subject: DSZ restrict parameter | ||
+ | |||
+ | Due to an unfortunate feature in DSZ, ALL Synchronet sysop must add the | ||
+ | ' | ||
+ | |||
+ | Example command lines for versions before v1b r1: | ||
+ | |||
+ | You temp directory for each node should be set to " | ||
+ | Placing the temp directory on another drive will not work. | ||
+ | |||
+ | DSZ Ymodem Batch UL: %!dsz portx %u,%i est 0 %e re rb %g | ||
+ | DSZ Zmodem Batch UL: %!dsz portx %u,%i est 0 %e re rz %g | ||
+ | DSZ Ymodem-G Batch UL: %!dsz portx %u,%i est 0 %e re rb -g %g | ||
+ | |||
+ | Example command lines for Version v1b rev 1 (no %g): | ||
+ | |||
+ | Temp directly can be on any drive or directory. | ||
+ | |||
+ | DSZ Ymodem Batch UL: %!dsz portx %u,%i est 0 %e re rb | ||
+ | DSZ Zmodem Batch UL: %!dsz portx %u,%i est 0 %e re rz | ||
+ | DSZ Ymodem-G Batch UL: %!dsz portx %u,%i est 0 %e re rb -g | ||
+ | |||
+ | Quite unfortunately, | ||
+ | and have kept it a secret so they could hack other Synchronet systems. What's | ||
+ | more sad is that they didn't even know the solution to protect their own BBSs. | ||
+ | |||
+ | If you suspect that your board has been hacked, call me voice and I'll help | ||
+ | you find out if it has or hasn' | ||
+ | |||
+ | DM | ||
+ | </ | ||
===== The Admission ===== | ===== The Admission ===== | ||
- | An anonymous user created an account on [[bbs: | + | Sometime later, an anonymous user created an account on [[bbs: |
< | < | ||
Line 52: | Line 89: | ||
</ | </ | ||
- | I was weary of running any executuables uploaded by an admitted " | + | I was wary of running any executuables uploaded by an admitted " |
< | < | ||
Line 285: | Line 322: | ||
===== See Also ===== | ===== See Also ===== | ||
+ | * [[https:// | ||
* [[: | * [[: | ||
* [[http:// | * [[http:// | ||
Line 290: | Line 328: | ||
{{tag>}} | {{tag>}} | ||
- |