lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <005001c3e161$1907e150$2a29a8c0@fastguy>
Date: Thu, 22 Jan 2004 22:29:21 -0500
From: ~Kevin DavisĀ³ <computerguy@....rr.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...urityfocus.com>
Subject: Re: Major hack attack on the U.S. Senate


This was clearly not a "hack attack".  The title and opening content of this
article is quite intentionally misleading.  The phrases "infiltration",
"monitoring secret memos", "exploited computer glitch", "hack attack" are
used.  If you read the entire article you will find out the following:

First, "A technician hired by the new judiciary chairman, Patrick Leahy,
Democrat of Vermont, apparently made a mistake that allowed anyone to access
newly created accounts on a Judiciary Committee server shared by both
parties -- even though the accounts were supposed to restrict access only to
those with the right password."

Which means the Democrats screwed up setting up their own share point and
allowed public access to it.  There was no "computer glitch" which was
"exploited".  This was completely a human screw-up.  And there was no
hacking ("exploitation of a computer glitch") done by the Republicans.
Unless you wish to call clicking on a share point configured with public
access and opening it up "hacking".

Additionally the Republicans allegedly "in the summer of 2002, their
computer technician informed his Democratic counterpart of the glitch".

The Republicans knew that the share was supposed to be protected (why else
would they inform the Democrats of the misconfiguration?) so they certainly
did something wrong despite (supposedly) warning the Democrats of the
problem, but not to the extent that the article - in the way that it was
written - would like you to believe.

----- Original Message ----- 
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...urityfocus.com>
Sent: Thursday, January 22, 2004 12:25 PM
Subject: Major hack attack on the U.S. Senate


>
http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_
> seen_as_extensive?mode=PF
>
> Infiltration of files seen as extensive
> Senate panel's GOP staff pried on Democrats
> By Charlie Savage, Globe Staff, 1/22/2004
>
> WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee
> infiltrated opposition computer files for a year, monitoring secret
strategy
> memos and periodically passing on copies to the media, Senate officials
told
> The Globe.
>
> From the spring of 2002 until at least April 2003, members of the GOP
> committee staff exploited a computer glitch that allowed them to access
> restricted Democratic communications without a password. Trolling through
> hundreds of memos, they were able to read talking points and accounts of
> private meetings discussing which judicial nominees Democrats would
fight --
> and with what tactics.
>
> The office of Senate Sergeant-at-Arms William Pickle has already launched
an
> investigation into how excerpts from 15 Democratic memos showed up in the
> pages of the conservative-leaning newspapers and were posted to a website
> last November.
>
> With the help of forensic computer experts from General Dynamics and the
US
> Secret Service, his office has interviewed about 120 people to date and
> seized more than half a dozen computers -- including four Judiciary
servers,
> one server from the office of Senate majority leader Bill Frist of
> Tennessee, and several desktop hard drives.
>
> ...
>
>
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ