Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
history:hack93 [2014/12/27 01:44] – Added disclosure from Jan-1993. digital man | history:hack93 [2015/01/19 13:08] – [See Also] Add link to YT video. digital man |
---|
====== Synchronet/DSZ "Hack" of 1993 ====== | ====== Synchronet/DSZ "Hack" of 1993 ====== |
| |
In August of 1992, I began to hear rumors that there was a known vulnerability in Synchronet and some Synchronet BBSes were suspected to have been "hacked" (usually dial-up modems as was the means of the day). It wasn't until my good friend [[person:King Drafus]]' BBS ([[bbs:The Beast's Domain]]) was penetrated using this vulnerability that he and I were able to get to the bottom of it. | In August of 1992, I began to hear rumors that there was a known vulnerability in Synchronet and some Synchronet BBSes were suspected to have been "hacked" (using dial-up modems as was the means of the day). It wasn't until my good friend [[person:King Drafus]]' BBS ([[bbs:The Beast's Domain]]) was penetrated using this vulnerability that he and I were able to get to the bottom of it. This is that story. |
| |
===== The Vulnerability ===== | ===== The Vulnerability ===== |
| |
A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the PREFIX feature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration. | A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] (a popular file transfer program for BBSes of the time) allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the "PREFIX" feature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration. |
| |
To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the ''restrict'' option: | To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the ''restrict'' option: |
| |
===== See Also ===== | ===== See Also ===== |
| * [[https://www.youtube.com/watch?v=XLmxJ8oleZI|Video of hacker's confession with transcription and explanation of audio restoration performed by Deuce]] |
* [[:person:King Drafus]] | * [[:person:King Drafus]] |
* [[http://omen.com|Omen Technology (maker of DSZ and inventor of ZMODEM)]] | * [[http://omen.com|Omen Technology (maker of DSZ and inventor of ZMODEM)]] |
| |
{{tag>}} | {{tag>}} |
| |