security

A couple of students in Another Place are in trouble for “hacking”. The newspapers aren’t particularly specific about what they did, but it sounds like they installed a packet sniffer and listened in on traffic across their network.

Ethernet networks (at least the classic hub-based kind) have everyone hanging off the same piece of wire. If you’re on an Ethernet network, your network card has a unique address. As the traffic for everyone on that piece of wire flows by, your computer picks up traffic addressed to it. It doesn’t listen to other people’s traffic because you usually don’t care about it. However, by running your network card in what is delightfully known as promiscuous mode, you can see other people’s traffic. Programs which do this and present the results to you are called packet sniffers. Ethereal is a popular free packet sniffer. Packet sniffers have legitimate uses, like diagnosing network problems or writing and debugging software which uses the network (I installed Ethereal the last time I was having problems with DNS lookups, for example). The remedies for undesired sniffing are encryption and restructuring the network so everyone’s packets don’t share the same piece of wire.
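To make the receive-filter model above concrete, here is a small Python example (added here, not from the original post): it parses Ethernet II frames, applies the normal-versus-promiscuous acceptance rule to constructed sample traffic, and includes the check a defender would run on a Linux host to see whether any interface has the IFF_PROMISC flag set. The MAC addresses, payloads and the sysfs reader are assumptions made for the example.

```python
import os
import struct

IFF_PROMISC = 0x100                      # Linux net_device flag, include/uapi/linux/if.h
BROADCAST = bytes.fromhex("ffffffffffff")

def parse_frame(frame):
    """Split an Ethernet II frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]

def nic_accepts(frame, own_mac, promiscuous=False):
    """Model of the card's receive filter: normal mode keeps frames sent to its
    own address, to broadcast, or to a multicast group (low bit of the first
    octet set); promiscuous mode disables the filter and keeps everything."""
    if promiscuous:
        return True
    dst = parse_frame(frame)[0]
    return dst == own_mac or dst == BROADCAST or bool(dst[0] & 0x01)

def promiscuous_interfaces(flags_by_iface):
    """Defender's check: names of interfaces whose flags include IFF_PROMISC."""
    return sorted(name for name, flags in flags_by_iface.items() if flags & IFF_PROMISC)

def linux_interface_flags(sysfs="/sys/class/net"):
    """Read each interface's flag word from sysfs (Linux only; {} elsewhere)."""
    flags = {}
    try:
        for name in os.listdir(sysfs):
            with open(os.path.join(sysfs, name, "flags")) as fh:
                flags[name] = int(fh.read().strip(), 16)
    except OSError:
        pass
    return flags

# Constructed sample traffic: three hosts on one shared segment (hypothetical MACs).
MAC_A = bytes.fromhex("020000000001")    # Alice's workstation
MAC_B = bytes.fromhex("020000000002")    # the college POP3 server
MAC_C = bytes.fromhex("020000000003")    # our own card

def ether(dst, src, payload, ethertype=0x0800):
    return struct.pack("!6s6sH", dst, src, ethertype) + payload

POP3_LOGIN = ether(MAC_B, MAC_A, b"USER alice\r\n")          # plaintext, not addressed to us
ARP_WHO_HAS = ether(BROADCAST, MAC_A, b"who-has 10.0.0.2?", ethertype=0x0806)

if __name__ == "__main__":
    print("normal mode sees Alice's login:", nic_accepts(POP3_LOGIN, MAC_C))             # False
    print("promiscuous mode sees it:", nic_accepts(POP3_LOGIN, MAC_C, promiscuous=True))  # True
```

Running `promiscuous_interfaces(linux_interface_flags())` on a Linux box lists the cards currently in promiscuous mode, which is the same information `ip link` shows as the PROMISC flag.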

The Oxford students seem to have been disciplined for drawing attention to what they did, but none of what they found is news. A college network probably has everyone hanging off the same wire. There are encrypted versions of telnet, HTTP, IMAP and POP3 but not many people use them. There are a lot of clever people with time on their hands. You work it out.

People who know this have done some sort of risk calculation and come up with a solution that they’re happy with, which balances convenience against privacy. For example, I only permit encrypted logins to my machines and don’t send my password itself when fetching email (although the mail itself comes across the wire as plain text). Now you know what’s possible, you can do that calculation too.

There’s something nasty out there, changing the DNS settings of Windows machines to point at what look like a couple of Linux boxes on some US hosting service. Best guess is that it’s down to another fricking Windows exploit, one that seems to work via a web page which downloads an executable, which runs itself to change your DNS settings, and then deletes itself. It got me during my lunchtime surf at work, and it seems other people have seen it too. Check your DNS settings before you next use Internet banking, or face the Man in the Middle. Praise Bill!

(I always thought it’d be cool to have a LiveWires course on exploits, as the kids were always keen on Internet stuff: In this worksheet, you will own a poorly configured IIS server, changing the site’s front page to the message “Je5u5 0wnz j00: ph43r G0d”.)

In other news, the dear old Church of England (in fact, the Anglican communion) looks set to split on the gay issue, what with a big meeting of bishops coming up and much sabre rattling on both sides. Bit of a shame, as I can’t help feeling some affection for the old thing, although I suspect that a split church is just what many evangelicals (such as our old friends Reform) are looking for. (Really must get round to responding to livredor’s latest on that thread, too).