1993-10-21 - Eavedropping techniques revealed!

Header Data

From: Anonymous <nowhere@bsu-cs.bsu.edu>
To: cypherpunks@toad.com
Message Hash: 982fe755d5fccf5d37929b3f933dd73cd19f4e2dca906ecbb2452c9851af1d98
Message ID: <9310212059.AA08477@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1993-10-21 20:57:59 UTC
Raw Date: Thu, 21 Oct 93 13:57:59 PDT

Raw message

From: Anonymous <nowhere@bsu-cs.bsu.edu>
Date: Thu, 21 Oct 93 13:57:59 PDT
To: cypherpunks@toad.com
Subject: Eavedropping techniques revealed!
Message-ID: <9310212059.AA08477@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Darn! They publicized a great spoof!

excerpted:

CA-93:15                         CERT Advisory
                               October 21, 1993
            /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities 

The CERT Coordination Center has learned of several vulnerabilities
affecting Sun Microsystems, Inc. (Sun) operating systems. Three
separate vulnerabilities are described in this advisory.  The first 
and third vulnerabilities affect all versions of SunOS 4.1.x and all
versions of Solaris 2.x.  The second affects all systems running any 
version of Solaris 2.x (but does not affect SunOS 4.1.x systems). 

Patches can be obtained from local Sun Answer Centers worldwide as
well as through anonymous FTP from the ftp.uu.net (192.48.96.9) system
in the /systems/sun/sun-dist directory.  In Europe, these patches are
available from ftp.eu.net in the /sun/fixes directory.

Information concerning specific patches is outlined below. Please note 
that Sun sometimes updates patch files.  If you find that the checksum 
is different, please contact Sun.

[...]

III. /dev/audio Vulnerability

     This vulnerability affects all Sun systems with microphones. This
     includes all versions of SunOS 4.1.x including 4.1.1, 4.1.2, 4.1.3,
     4.1.3c, and all versions of Solaris 2.x including Solaris 2.1 
     (SunOS 5.1) and Solaris 2.2 (SunOS 5.2).  Sun is addressing this 
     problem in Solaris 2.3.

     A. Description

        /dev/audio is set to a default mode of 666. There is also no
        indication to the user of the system that the microphone is on.

     B. Impact

        Any user with access to the system can eavesdrop on conversations
        held in the vicinity of the microphone. 

     C. Solution

        To prevent unauthorized listening with the microphone, the
        permissions of the audio data device (/dev/audio) should allow 
        only the user logged in on the console of the machine to read 
        /dev/audio. To prevent unauthorized changes in playback and record 
        settings, the permissions on /dev/audioctl should be similarly 
        changed.

        *** Any site seriously concerned about the security risks
        associated with the microphone should either switch off the
        microphone, or unplug the microphone to prevent unauthorized
        listening. ***

        1. Restricting access on 4.x systems

        Use fbtab(5) to restrict the access to these devices. See the
        man page for more information about this procedure.

        2. Restricting access on Solaris 2.x systems

        To restrict access to these devices to a specific users, the 
        permissions on the device files must be manually changed.

        As root:

        # chmod 600 /dev/audio
        # chown <console user's username>.<desired group> /dev/audio
        # chmod 600 /dev/audioctl
        # chown <console user's username>.<desired group> /dev/audio







Thread