[ Pobierz całość w formacie PDF ]
.They were convinced of theextent of the breach when asked to view page 1, the main index page,which bore the deliberate mis-spelling: Idnex.Such a changetheoretically could only have been made by a Prestel employee withthe highest internal security clearance.Within 30 minutes, thesystem manager password had been changed on all computers, public andresearch.All 50,000 Prestel users signing on immediately afterNovember 2nd were told to change their personal password withoutdelay on every computer to which they were registered.And every IPreceived, by Special Delivery, a complete set of new user and editingpasswords.Three weeks after the story broke, the Daily Mail thought it hadfound yet another Prestel hack and ran the following page 1 headline:'Royal codebuster spies in new raid on Prestel', a wondrouscollection of headline writer's buzzwords to capture the attention ofthe sleepy reader.This time an Information Provider was claimingthat, even after new passwords had been distributed, further securitybreaches had occurred and that there was a 'mole' within Prestelitself.That evening, Independent Television News ran a feature muchenjoyed by cognoscenti: although the story was about the Prestelservice, half the film footage used to illustrate it was wrong: theyshowed pictures of the Oracle (teletext) editing facility and ofsome-one using a keypad that could only have belonged to a TOPIC set,as used for the Stock Exchange's private service.Finally, the nameof the expert pulled in for interview was mis-spelled although he wasa well-known author of micro books.The following day, BBC-tv'sbreakfast show ran an item on the impossibility of keeping Prestelfile:///E|/Books/Hackers Handbook.htm (90 of 133) [11/28/2000 5:58:50 AM]Hacker's Handbooksecure, also full of ludicrous inaccuracies.** Page 94It was the beginning of a period during which hackers and hackingattracted considerable press interest.No news service operating inthe last two months of 1984 felt it was doing an effective job if itcouldn't feature its own Hacker's Confession, suitably filmed in deepshadow.As happens now and again, press enthusiasm for a story ranahead of the ability to check for accuracy and a number of Hacks ThatNever Were were reported and, in due course, solemnly commented on.BT had taken much punishment for the real hack--as well as causingdeep depression among Prestel staff, the whole incident had occurredat the very point when the corporation was being privatised andshares being offered for sale to the public--and to suffer anunwarranted accusation of further lapses in security was just morethan they could bear.It is unlikely that penetration of Prestel tothat extent will ever happen again, though where hacking isconcerned, nothing is impossible.There is one, relatively uncommented-upon vulnerability in thepresent Prestel set-up: the information on Prestel is most easilyaltered via the bulk update protocols used by Information Providers,where there is a remarkable lack of security.All the systempresently requires is a 4-character editing password and the IP'ssystel number, which is usually the same as his mailbox number(obtainable from the on-system mailbox directory on page *7#) whichin turn is very likely to be derived from a phone number.Other viewdata servicesLarge numbers of other viewdata services exist: in addition to theStock Exchange's TOPIC and the other viewdata based servicesmentioned in chapter 4, the travel trade has really clutched thetechnology to its bosom: the typical High Street agent not onlyaccesses Prestel but several other services which give up-to-dateinformation on the take-up of holidays, announce price changes andallow confirmed air-line and holiday bookings [ Pobierz całość w formacie PDF ]
zanotowane.pl doc.pisz.pl pdf.pisz.pl odbijak.htw.pl
.They were convinced of theextent of the breach when asked to view page 1, the main index page,which bore the deliberate mis-spelling: Idnex.Such a changetheoretically could only have been made by a Prestel employee withthe highest internal security clearance.Within 30 minutes, thesystem manager password had been changed on all computers, public andresearch.All 50,000 Prestel users signing on immediately afterNovember 2nd were told to change their personal password withoutdelay on every computer to which they were registered.And every IPreceived, by Special Delivery, a complete set of new user and editingpasswords.Three weeks after the story broke, the Daily Mail thought it hadfound yet another Prestel hack and ran the following page 1 headline:'Royal codebuster spies in new raid on Prestel', a wondrouscollection of headline writer's buzzwords to capture the attention ofthe sleepy reader.This time an Information Provider was claimingthat, even after new passwords had been distributed, further securitybreaches had occurred and that there was a 'mole' within Prestelitself.That evening, Independent Television News ran a feature muchenjoyed by cognoscenti: although the story was about the Prestelservice, half the film footage used to illustrate it was wrong: theyshowed pictures of the Oracle (teletext) editing facility and ofsome-one using a keypad that could only have belonged to a TOPIC set,as used for the Stock Exchange's private service.Finally, the nameof the expert pulled in for interview was mis-spelled although he wasa well-known author of micro books.The following day, BBC-tv'sbreakfast show ran an item on the impossibility of keeping Prestelfile:///E|/Books/Hackers Handbook.htm (90 of 133) [11/28/2000 5:58:50 AM]Hacker's Handbooksecure, also full of ludicrous inaccuracies.** Page 94It was the beginning of a period during which hackers and hackingattracted considerable press interest.No news service operating inthe last two months of 1984 felt it was doing an effective job if itcouldn't feature its own Hacker's Confession, suitably filmed in deepshadow.As happens now and again, press enthusiasm for a story ranahead of the ability to check for accuracy and a number of Hacks ThatNever Were were reported and, in due course, solemnly commented on.BT had taken much punishment for the real hack--as well as causingdeep depression among Prestel staff, the whole incident had occurredat the very point when the corporation was being privatised andshares being offered for sale to the public--and to suffer anunwarranted accusation of further lapses in security was just morethan they could bear.It is unlikely that penetration of Prestel tothat extent will ever happen again, though where hacking isconcerned, nothing is impossible.There is one, relatively uncommented-upon vulnerability in thepresent Prestel set-up: the information on Prestel is most easilyaltered via the bulk update protocols used by Information Providers,where there is a remarkable lack of security.All the systempresently requires is a 4-character editing password and the IP'ssystel number, which is usually the same as his mailbox number(obtainable from the on-system mailbox directory on page *7#) whichin turn is very likely to be derived from a phone number.Other viewdata servicesLarge numbers of other viewdata services exist: in addition to theStock Exchange's TOPIC and the other viewdata based servicesmentioned in chapter 4, the travel trade has really clutched thetechnology to its bosom: the typical High Street agent not onlyaccesses Prestel but several other services which give up-to-dateinformation on the take-up of holidays, announce price changes andallow confirmed air-line and holiday bookings [ Pobierz całość w formacie PDF ]