Sentence three years probation 1988 enrolls at pierce


[…] misuses campus systems. Expelled. Appealed unsuccessfully
1988: Mitnick breaks into DEC and steals software.

Kevin Mitnick
- 1992: Mitnick violates probation and goes into hiding
- 1994: California Department of Motor Vehicles issues $1-million warrant for Mitnick's arrest on charges of fraudulently trying to acquire driver identification
- Christmas 1994: Mitnick accused of invading San Diego Supercomputer Center (attack detected by Tsutomu Shimomura)

The attack against SDSC
- A very sophisticated TCP spoofing attack
- The attack exploits the trust between hosts:
  - x-terminal: diskless SPARCstation running Solaris 1
  - server: host providing boot image to x-terminal
  - x-terminal allows unauthenticated logins (and command execution requests) coming from server
- Denial-of-service attack against server
- Impersonation of server with respect to the x-terminal when executing:
  rsh x-terminal "echo + + >>/.rhosts"

Kevin Mitnick
- February 1995: FBI arrests Mitnick in Raleigh, North Carolina. Sentenced to 46 months in prison
- January 2000: Mitnick released from prison after almost 5 years (probation forbade him from connecting to the Internet or sending e-mail)
- January 2003: Mitnick can surf the Internet after 8 years

Other stories
- Web defacements
- Worms: Swen, SoBig, Nimda, Code Red, Slammer, Blaster
- Blaster’s author: Jeffrey Lee Parson, 18

What is a hacker?
- The term “hacker” was introduced at MIT in the 60s to describe “computer wizards”
- It has been eventually used to denote “malicious hackers” or “crackers”, that is, people that perform intrusions and misuse computer systems
- We will use the term “hacker” with this last connotation keeping in mind that it is also used to describe
  […] someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money.
  (Brian Harvey, University of Berkeley http://www.cs.berkeley.edu/~bh/hackers.html)

Ethics
- Is hacking legal? NO!
- Is it legal to discuss vulnerabilities and how they are actually exploited? YES, provided that…
  - The goal is to educate and increase awareness
  - The goal is to teach how to build a more secure computing environment
- A full disclosure policy has been advocated by many respected researchers provided that…
  - The information disclosed has been already distributed to the parties that may provide a solution to the problem (e.g., vendors)
  - The ultimate goal is to prevent similar mistakes from being repeated

UTD IR acceptable use policy
- Check it out at http://www.utdallas.edu/business/admin_manual/pdf/a51 300.pdf
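
The rsh command on the SDSC attack slide appends "+ +" to root's .rhosts, which makes the r-services trust any user from any host. As an added example (not part of the original slides), this Python auditor classifies the entries of .rhosts or hosts.equiv style content; the names audit_rhosts and Finding, the severity labels, the sample file and the handling of "#" comments are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    lineno: int
    entry: str
    severity: str
    reason: str


def audit_rhosts(text: str) -> list[Finding]:
    """Classify each trust grant in .rhosts / hosts.equiv style content."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-") or (user and user.startswith("-")):
            continue  # explicit deny entry, not a grant
        if host == "+" and user == "+":
            sev, why = "critical", "any user from any host is trusted"
        elif host == "+":
            sev, why = "critical", "any host is trusted"
        elif user == "+":
            sev, why = "high", f"any user on {host} is trusted"
        else:
            # Even a named host is identified only by its source address,
            # which is the trust the spoofing attack on the slide abuses.
            sev, why = "medium", f"{host} is trusted by source address only"
        findings.append(Finding(lineno, line, sev, why))
    return findings


# Constructed sample: a root .rhosts after the command on the slide has run.
SAMPLE = """\
# constructed sample, not taken from a real system
server root
+ +
"""

if __name__ == "__main__":
    for f in audit_rhosts(SAMPLE):
        print(f"line {f.lineno}: [{f.severity}] {f.entry!r}: {f.reason}")
```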

This document was uploaded on 01/22/2014.
