Updated: 24.11.2002; 12:08:31.
disLEXia
lies, laws, legal research, crime and the internet
        

Friday, May 4, 2001

Foolish wireless network access policies and spam engines

A local university has deployed a large 802.11 wireless network without WEP or any other security measure. Given the complexity of distributing WEP keys to huge numbers of students, faculty, and staff, not to mention the need for periodic changes, and the notorious insecurity of WEP itself, this might seem to be a reasonable choice. They have decided to provide public access to their IP connectivity for those within radio range of their campus rather than tackle the very significant issues associated with restricting access.

The RISK? Their campus mail-handling machines will relay mail to any inside or outside destination if it's received from an address "inside" their campus network. The network architecture they've chosen for their wireless deployment dictates that anyone can walk onto their (large, urban) campus, or even just park his car outside, and spam away freely with hundreds of megabits per second of bandwidth to most points on the Internet.

Basically, their entire campus just became a "safe harbor" for anyone owning a laptop and wireless card to do nefarious things to outside hosts with, essentially, perfect, impenetrable anonymity. There's not even a billing record for a throwaway dialup account to trace back; just a MAC address that can be trivially changed and the knowledge that it was used *somewhere* on their campus to do Bad Things at some point in the past.

Thor Lancelot Simon [tls@panix.com (Thor Lancelot Simon) via risks-digest Volume 21, Issue 39]
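An added example, not part of the quoted post: a small audit that checks whether the networks a mail server trusts for relaying overlap an open wireless segment, and derives a hardened trust list. The address ranges, domain names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the post): a campus
# block with an open, unauthenticated wireless segment carved out of it.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")
OPEN_WIRELESS = [ipaddress.ip_network("10.20.200.0/22")]
LOCAL_DOMAINS = {"campus.example"}


def overlapping_open_segments(trusted_nets, open_segments):
    """Return (trusted, open) pairs where a relay-trusted network covers
    address space that anyone within radio range can obtain."""
    return [(t, o) for t in trusted_nets for o in open_segments if t.overlaps(o)]


def harden(trusted_nets, open_segments):
    """Subtract every open segment from the relay-trusted networks."""
    result = list(trusted_nets)
    for seg in open_segments:
        remaining = []
        for net in result:
            if seg.subnet_of(net):
                # Split the trusted block around the open segment.
                remaining.extend(net.address_exclude(seg))
            elif not net.subnet_of(seg):
                remaining.append(net)  # disjoint from the segment: keep
            # a trusted net lying wholly inside the open segment is dropped
        result = remaining
    return sorted(result)


def may_relay(client_ip, rcpt_domain, trusted_nets, authenticated=False):
    """Accept mail for local recipients from anyone; relay to outside
    destinations only for authenticated senders or trusted source networks."""
    if rcpt_domain in LOCAL_DOMAINS or authenticated:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in trusted_nets)


if __name__ == "__main__":
    weak = [CAMPUS]  # "inside" means the whole campus block
    print("overlaps:", overlapping_open_segments(weak, OPEN_WIRELESS))
    print("hardened:", harden(weak, OPEN_WIRELESS))
```

With the hardened list, a wireless client can still deliver mail to campus recipients or relay after authenticating, but its source address alone no longer grants relaying to outside destinations.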

Lucent workers charged with selling secrets to Chinese

Federal authorities arrested two Lucent scientists and a third man yesterday, charging them with stealing software associated with Lucent's PathStar Access Server and sharing it with a firm majority-owned by the Chinese government. The software is considered a "crown jewel" of the company. Chinese nationals Hai Lin and Kai Xu were regarded as "distinguished members" of Lucent's staff up until their arrests. The motivation for the theft, according to court documents, was to build a networking powerhouse akin to the "Cisco of China." The men face a maximum five years in prison and a $250,000 fine. (*USA Today*, 4 May 2001 http://www.usatoday.com/life/cyber/tech/2001-05-03-lucent-scientists-china.htm NewsScan Daily, 4 May 2001, written by John Gehl and Suzanne Douglas, editors@NewsScan.com) ["NewsScan" via risks-digest Volume 21, Issue 38]

Excel-lent leaks

This amusing story was told to me by a friend, whose company name will stay hidden. Once upon a time, there was a sales director in a big spirit and wines company. This person managed the whole team for a big European country. One day she had to take the decision of laying off a high-position salesman who had been working for this company for years. Because of the turmoil generated inside the team by this firing, she wanted to set the organization changes, and she made a new Org-chart and asked her administrative assistant to forward the file to all the sales team.

Well... Everything looks fine, since you don't know yet that the new org-chart was made on an Excel Book. "Book" means several sheets... So, what was distributed to the whole team?....

Sheet 1: The Org-chart: ok. At least THAT was good.
Sheet 2: All the names of the salesmen for the whole country, their salary, and appreciation commentaries (kind of: "this guy will never succeed / he is a burden") and raises projection. By the way, with a good raise projection for herself :)
Sheet 3: A road-map to lay off the old salesman. All the information, dates, argumentation needed to get rid of him.

Isn't that nice?

Conclusion: A nightmare! All the guys with a bad appreciation went postal (one guy from the south realized that his "sibling" of the north was making double money for the same work & results, etc...). I guess they should have had a lot of resignations... And a friend of the fired salesman forwarded the mail to him, giving him good material for the lawsuit he was engaging against the company.

The risks? When you don't know how to use Excel or any software: don't use it for critical information! When you send an e-mail: watch out what you are sending! ["Christophe Augier" via risks-digest Volume 21, Issue 39]


Maximillian Dornseif, 2002.
 