Differences

This shows you the differences between two versions of the page.

--- history:hack93 [2014/12/27 03:01] – [Synchronet/DSZ Hack of 1993] digital man
+++ history:hack93 [2024/04/04 14:13] (current) – Updated link to omen tech (on archive.org now) digital man
@@ Line 5: / Line 5: @@
 ===== The Vulnerability =====
-A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the PREFIX feature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration.
+A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] (a popular file transfer program for BBSes of the time) allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the "PREFIX" feature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration.
 To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the ''restrict'' option:
@@ Line 89: / Line 89: @@
 </code>
-I was weary of running any executuables uploaded by an admitted "hacker", but out of curiosity I decided to run them on a completely isolated system. Upon running the ''RUNME.COM'' program, it displayed the following short blurb:
+I was wary of running any executuables uploaded by an admitted "hacker", but out of curiosity I decided to run them on a completely isolated system. Upon running the ''RUNME.COM'' program, it displayed the following short blurb:
 <code>
@@ Line 99: / Line 99: @@
 <code>
-Give credit where credit is do. Mithrandir, Disk Killer, Dirtbag, St. Elmo,
+Give credit where credit is due. Mithrandir, Disk Killer, Dirtbag, St. Elmo,
 The Zipper, The Sidewinder, and Nighthawk, had absolutely nothing
 what-so-ever to do with the hacking of the Synchronet boards in this area.
@@ Line 254: / Line 254: @@
 Are you implying that you already know of other ways in? It's a pain in the ass
-trying to find the gay "features" that are available in the BBS related
+trying to find the stupid "features" that are available in the BBS related
 utilities (DSZ, PKZIP, etc.). Internal protocols, doors, etc. would eliminate
 all those variables, but would also limit the functionality and extensibility
@@ Line 322: / Line 322: @@
 ===== See Also =====
+  * [[https://www.youtube.com/watch?v=XLmxJ8oleZI|Video of hacker's confession with transcription and explanation of audio restoration performed by Deuce]]
   * [[:person:King Drafus]]
-  * [[http://omen.com|Omen Technology (maker of DSZ and inventor of ZMODEM)]]
+  * [[https://web.archive.org/web/20151005025132/http://www.omen.com/|Omen Technology (maker of DSZ and inventor of ZMODEM)]]
   * [[:history:|history index]]
 {{tag>}}

Trace:

Differences

Navigation

Search

Toolbox