He had first learned about it on an international
phone conference, where he had traded information with other hackers
and phreakers. The security hole involved the system's relatively
obscure load-module program. The program added features to the running
system but, more importantly, it ran as root, meaning that it had a
free run on the system when it was executed. It also meant that any
other programs the load-module program called up also ran as root. If
Anthrax could get this program to run one of his own programs--a
little Trojan--he could get root on System X.
The load-module bug was by no means a sure thing on System X. Most
commercial systems--computers run by banks or credit agencies, for
example--had cleaned up the load-module bug in their Sunos computers
months before. But military systems consistently missed the bug. They
were like turtles--hard on the outside, but soft and vulnerable on the
inside. Since the bug couldn't be exploited unless a hacker was
already inside a system, the military's computer security officials
didn't seem to pay much attention to it. Anthrax had visited a large
number of military systems prior to System X, and in his experience
more than 90 per cent of their Sunos computers had never fixed the
bug.
Pages:
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626