Thursday, October 06, 2005

The story behind the Novell hack story

NETWORK WORLD NEWSLETTER: DAVE KEARNS ON NOVELL NETWARE TIPS
10/06/05
Today's focus: The story behind the Novell hack story

By Dave Kearns

There were a number of news stories last week about Novell's
internal servers, including one posted at NetworkWorld.com under
the headline "Novell server hacked."
<http://www.networkworld.com/nlnovell7896>

It seems a security consultant in Virginia discovered that a
client's site had been "scanned" a number of times by a machine
whose IP address was traced back to Novell. At this point, the
stories start to get confusing.

Most of the printed stories refer to the Novell server by
saying: "The hacked system appeared to be running a mail server
for a gaming site called Neticus.com, and the main game Web page
for Neticus.com was hosted on a separate server that also
belonged to Novell." Both statements are wrong, according to
Novell's PR and a search on Google cache.

The Neticus.com site was hosting a discussion board (with very
limited membership) for some participants (who may all have been
Novell employees) in the "World of Warcraft" game
<http://www.worldofwarcraft.com/>. There was no "game server."
The compromised server was a different machine, which was not being
used for any particular activity at the time. Both are considered lab or
test servers and are outside the Novell corporate firewall. It's
also unclear whether the discussion board was within the bounds
of Novell's corporate terms of use policy.

Still, scanning other people's computers should be considered
"bad" behavior.

There are other confusing aspects to this story, though. A
search on the Neticus.com domain at Google reveals that, at
least at some point, this domain hosted the "official" home of
Brigham Young University Athletics. It's unclear if this was the
actual domain BYU used, or was simply a mirror site set up
without the university's knowledge. But it was active at least
as late as last December.

The Neticus.com domain was registered by Novell back in 1998 (by
a man named "Bruce Wayne"; who knew the caped crusader toiled
away in Provo?). It was set up (presumably by folks in Novell's
IT department) as a "proof-of-concept": an ISP running entirely
on NetWare. Novell employees who applied for them were given
accounts on the server and allowed remote access. But the
documents describing the server (found by digging through the
Internet Archive) specifically say: "Neticus is not a production
corporate remote access system, nor is it a production Web
server. It is a development, testing and design lab."

While the testing was ended in 2000, evidently the server stayed
up and many people had access. It's unclear (i.e., Novell isn't
talking) when it was first used to host the gaming discussion,
but it's something any of the account holders could have set up.
The testers provided a full-service ISP to their clients,
including (according to the Internet Archive documents):
* Dial-Up Internet Access - "We support analog modem speeds up
to 56k (V.90) and ISDN. We have POPs in Orem/Provo and San
Jose."
* E-Mail - "We support SMTP & POP3/IMAP4 e-mail clients. And for
those who would rather not bother with a client at all, we offer
WebMail."
* Web Browsing/Hosting - "In addition to vanilla Web browsing,
we offer accelerated browsing via a proxy server, and we also
host users' home pages."
* Usenet News - "Alternately described as godless anarchy and/or
the ultimate expression of freedom of speech, Usenet News
consists mainly of millions of college freshmen telling each
other that they 'suck.'"

The technologies used on the server were listed as:
* NetWare 5
* BorderManager Enterprise Edition 3.5
* Netscape Enterprise Server for NetWare
* Novell Internet Messaging Server 2.1
* DNews for NetWare

My conclusion? With all of the changes and layoffs, Novell lost
track of these servers and one or two (current or former)
disgruntled employees took advantage. It's unfortunate, and a
real black eye for a networking company, but it isn't a major
story in the greater scheme of things.

The administrator of the Neticus ISP test, by the way, was
listed as Grettir Asmundarson (a pseudonym) whose personal Web
site <http://www.tinypineapple.com/> describes "him" as
"ne'er-do-well, sluggard, and wastrel" (but no mention of being
a gamer). Grettir is also the listed author of the "Beige
Papers" <http://www.tinypineapple.com/luddite/beigepapers/>,
Novell IT's documentation of the company's upgrade to NetWare 5
and a very interesting read for network managers.

_______________________________________________________________
To contact: Dave Kearns

Dave Kearns is a writer and consultant in Silicon Valley. He's
written a number of books including the (sadly) now out of print
"Peter Norton's Complete Guide to Networks." His musings can be
found at Virtual Quill <http://www.vquill.com/>.

Kearns is the author of three Network World Newsletters: Windows
Networking Tips, Novell NetWare Tips, and Identity Management.
Comments about these newsletters should be sent to him at these
respective addresses: <mailto:windows@vquill.com>,
<mailto:netware@vquill.com>, <mailto:identity@vquill.com>.

Kearns provides content services to network vendors: books,
manuals, white papers, lectures and seminars, marketing,
technical marketing and support documents. Virtual Quill
provides "words to sell by..." Find out more by e-mail at
<mailto:info@vquill.com>

Copyright Network World, Inc., 2005
