page me More News overtheedge March 20, 1996 Poor Security on our Computer System by Jason Robertson The problem of computer security has been around since the advent of computers themselves. The movie “War Games” brought to the public’s attention the rela- tive ease at which a young com- puter user could break into classi- fied computer systems. Ever so often, a new movie or book about computer hacking comes out to remind us of the threat to our pri- vacy and personal information— ”The Net” and “Hackers” to name but two contemporary examples. The threat is real; and, I suggest, closer to home than we would like to admit. Take, for instance, our very own UNBC undergraduate computer server. There are over 1400 users on ugrad.unbc.edu, with hundreds logged on over a given day. All of us would hope that our accounts are not easily accessible by others. We have passwords, do we not? As long as we keep our passwords to our- selves, there should be no way that some “hacker” could access our accounts illegally. Unfortunately, this is not the case. Here’s the problem: Most university computer systems run the UNIX operating system. Anyone who can read and has some basic knowledge of com- puters can find out the entire ins and outs of UNIX by reading “UNIX for Programmers and Us- ers: A Complete Guide”, available in our library. Anyway, the UNIX operating system keeps a list of all of the users on the system, along with their passwords and any spe- cial privileges they may have, etc. Most computer operators either make sure that the file containing the passwords is either inacces- sible to the average user, or they “shadow” the file (i.e. move the passwords to a different, appar- ently more secure file). The pass- words in these files are “en- crypted”, or jumbled in such a way as to make no sense to us humans. Unfortunately, the encryption is the same for all UNIX systems and is easily broken. On the ugrad server, the password file is acces- sible to all, and not shadowed. This means that any user can read the file containing the encrypted passwords and attempt to break the encryption. This is done by com- paring a wordfile (e.g. all the words in the dictionary) to the en- crypted passwords. If there is a match, the password is found, and the user’s account is accessible to the “hacker”. As a result, the onus is placed entirely on the user to se- lect a password that cannot easily be “cracked”. I talked with some- one from CTS on the morning of March 14, and he said that he was well aware that the password file was not protected and that student accounts could be broken into. He also stated that he regularly at- tempts to crack student accounts to see what percentage of us choose easy passwords. ~ This article is meant to be not only informative, but also a warning. If you want the infor- mation on your account protected from unauthorized entry, you MUST choose a password that is not easily cracked. Passwords should not be any word found ina dictionary. It should contain sym- bols (e.g. “$”, “&”, “@”, “+”) and/ or numbers as well as letters. For example, the word “hello” should not be chosen as a password. Ex- amples of better passwords are “y$Ist&”, or “815t%j” (you get my point). If you have any questions pertaining to passwords or com- puter security in general, I sug- gest you go see the people in Computer Services, or e-mail . pot stays lank! he Staff of Over the Edge Domain and Not-Enough-Fix! By Chief Photographic Editor: Arron D. Oberman From The Land Of Darkrooms, ShadowGuy's ne ay oo te = Now that you’re looking, I’ll keep it to some point or other. I, Arron Oberman, ic ae am the new Photographic Editor here at Over The Edge. First of all, I do whole heartily apologize for the lack of photo content in this Issue #13, (point ~ of note of the front page by my Oh-so-understanding Co-Editor in Chief, Tracy Gula) The fact is I really screwed up in all of the developing and I take full responsibility for the failure to plan ahead, furthermore and I’m telling you this straight out; "It will NEVER happen again, promise!" Anyways, not to worry, I shall be doing my best with my plethora of Staff Photographers [A grand total of one (1), including myself that is!] to bring our student body a spectacle to feast the eye (a.k.a. more good photos) As for the editorial by Tracy Gula (which is on the next page), she’s absolutely right, the paper does need a lot of your help. Even if it’s just written suggestions or freelance articles, wacky photographers doin' wacky things with photos ( my favorite pass time), outlandish things, serious book reviews, Snooping Reporter type stories, personal movie reviews by those who want complain about how bad this months movies are, etc., etc., etc. Anything is helpful, and believe you me that I knew you guys and gals are out there who want to say something. I'm certain a ton of you are just in the mood to complain about how bad something is or how good something is going to be once everyone sees what’s going on right under = their noses. Damn it! If only you had the opportunity to tell everyone somehow! Lucky for you, we have the answer. ‘Over the Edge' is there so if you want to jump write (he! he!) in there and become one of our best reporters or just get your brain waves on paper, you only have to have the desire to express what you think needs to be heard. No one is telling you that you can’t have a voice. So, express your privileged right of free speech in making the most of what's available to you (‘Over the Edge' included). I have, and you're one more person sexual favors suspected! Actual photo seen above from | got to talk to. oo Undercover-Cam gets the dirt on the deal in progress! Keep the Film Rollin’, jin fe ot ad Exclusive for the readers of Over the Edge! President pe ame te shocked! Inquiry slated across the board! Rumor of eo made for T.V. movie by PGTV expected within a few... P.S. Remember, you just finished reading this..... so did many others! je sel oo a New Over the Edge Photographic Editor, Arron Oberman, finds nude photos of Co-Editor In Chief Tracy Gula. Extortion for raise and possible blackmail for