Bugtraq mailing list archives
Re: Have Crackers Found Military's Achilles Heel?
From: mark () ZANG COM (Mark)
Date: Thu, 23 Apr 1998 07:19:33 -0700
From what I can see, the DISA DEM software was/is publicly available at http://tcoss.safb.af.mil/common/HTML/DSC_support.htm (the link is broken though). No wonder the feds didn't bother to come after them ;-)
By the looks of ftp://tcoss.safb.af.mil :

    220 tcoss2 Microsoft FTP Service (Version 3.0).
    Name (tcoss.safb.af.mil:root): ftp
    331 Anonymous access allowed, send identity (e-mail name) as password.
    Password:
    230 Anonymous user logged in.
    ftp> dir
    200 PORT command successful.
    150 Opening ASCII mode data connection for /bin/ls.
    11-20-97 05:16PM <DIR> ActiveX
    01-27-98 02:47PM <DIR> disd
    04-15-98 09:00PM <DIR> Disn-W
    03-12-98 08:33PM <DIR> DITCO
    04-14-98 01:45PM 0 dspd8.tmp
    04-17-98 12:20PM <DIR> MCI_TCOSS
    04-23-98 06:59AM <DIR> PDCBOOK
    03-24-98 08:10PM <DIR> R&R
    04-15-98 06:52PM <DIR> TSRE
    11-20-97 05:27PM <DIR> WinFrame
    ftp> cd Disn-W
    550 Disn-W: Access is denied.

So it appears the "highly technical crack team" just ftp'd the software. Wow. They fixed the perms on the dir last week.

And what they got:

A software tool set called DEM (Visual Basic Programming based) melds the day to day network operations and maintenance efforts. DEM provides the entire RAVN team with a user friendly/graphical based set of tools that allow real-time network access for monitoring, control, re-configuration and testing of the critical pieces of hardware/software that make up the composite RAVN architecture. Both RIMS and DEM data bases are hosted on a stand alone RAVN server operated and maintained by NTAC personnel. The server is accessible via a Local Area Network connection and supports up to 25 simultaneous users.

Sounds rather useless unless you have the databases of network equipment and device authentication parameters.

Cheers,
Mark
mark () zang com