[ISN] Network Cracking Turns Meaner With Fracking ...

From: mea culpa (jerichoat_private)
Date: Sat May 30 1998 - 02:34:47 PDT

  • Next message: mea culpa: "[ISN] CGI vulnerabilities that leave back doors open still plague Web s ites (fwd)"

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    [Only a few gripes with this article. :)
     Firstly, I believe the commonly accepted term for a "phone hacker" was a
     phreak, not as this article suggests, a "fracker".
     Secondly, I believe the term "cypherpunk" is the accepted description for
     someone who is a "specialist in cracking cryptographic algorithms",
     though that might be smearing the term somewhat.
     Sounds like they're trying to whip up some new buzzwords. :)  -Nick]
     WELLESLEY, MASSACHUSETTS, U.S.A., 1998 MAY 28 (Newsbytes) -- By 
    Jacqueline Emigh, Newsbytes. Network "cracking" is evolving in a more 
    malicious direction, while adding specialty areas like "fracking" and 
    "crypting" in the process, said a member of a new anti-cracking unit at 
    Cambridge Technology Partners (CTP), during CTP's "New Hack Tour." 
       Really, "cracker" -- rather than "hacker" -- is the word to use in 
    describing individuals who break into networks, said Wyly Wade of CTP's 
    Enterprise Security Systems Group, during a meeting with Newsbytes at  the
    CTP-sponsored conference. "Hacker" actually refers to anyone who  writes
    program code, even an end user who scripts Microsoft Word  macros, Wade
    told Newsbytes. 
       Emerging derivatives of the term "cracker" include "fracker," meaning  a
    person who breaks into phone networks, and "crypter," a specialist in 
    cracking cryptographic algorithms, Wade added. 
       The earliest crackers engaged in the practice for "humanitarian" 
    reasons, such as the desire to help companies build better products, 
    according to Wade. The humanitarians were the joined by those who  cracked
    networks to "further the free exchange of information." 
       Later on came groups like the PLO, which breaks into networks "purely 
    for profit;" and finally, people whose motives are entirely malicious. 
       Many of the newest breed of crackers are kids who are unaware of 
    cracking's roots, said Wade, one of eight members of a new anti-  cracking
    Internet security team at CTP. 
       CTP, a systems integration and software development specialist based  in
    Cambridge, Massachusetts, formed the new group, known as "Core," in 
    response to customer requests. CTP takes a "partnering" stance with its 
    customers, meeting whatever IT (information technology) requirements  need
    to be addressed, Wade maintained. 
       With Internet security a rising concern among customers, the new  "Core"
    group stays about a year ahead of the industry at large in  keeping on top
    of new security threats, Newsbytes was told. 
       The job is challenging, because new "incursions," or security holes, 
    keep showing up every day, according to Wade. 
       A few of the more popular methods of cracking being discussed at this 
    week's conference include the FTP (file transfer protocol) bounce  attack,
    protocol tunneling, and tactics such as SYN flooding, which  result in
    "denial of service." 
       In the FTP bounce attack, crackers manipulate FTP PASV mode, using  PORT
    and QUOTE to send scripts that allow them to gain access to  unauthorized
    FTP servers, speakers said during conference sessions.  Protocol tunneling
    calls for encapsulating, or hiding, one protocol  inside of another, such
    as a telnet inside a ping request. 
       Many tactics can be used to bring denial of service, including SYN 
    flooding, ghost routing, and service loops, for instance. In this type  of
    attack, users typically do not even realize a server has been hit,  instead
    believing that the server must be busy, or down for  maintenance, for
       Wade pointed out that new viruses continue to fester, as well.  Viruses
    are already showing up in the 32-bit environment, although some  people
    said this would never happen. And these perennials of cyberspace  are
    certain to land on new 64-bit platforms, as well, Wade predicted. 
       Cambridge Technology Partners is located at http://www.ctp.com on the 
    World Wide Web. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:36 PDT