Modern NetWare Hacking

Presented at Black Hat USA 1999, July 7, 1999, 1:30 p.m. (60 minutes).

Computer security is one of those topics that most Novell NetWare system administrators think is something their Unix (and more recently Microsoft NT) administrator counterparts have to worry about. While those involved in security circles have known otherwise for years, Novell is making leaps and bounds into a more open world of web servers, NetWare/IP, and other connectivity to public networks, and it has become very important to consider all aspects of the security of Novell's products.

Novell has also been less than forthcoming regarding security patches for vulnerabilities in their products, and often release security patches as a part of regular maintenance patches without communicating the nature of the original security problem and the importance behind loading the latest patch. Due to some fairly high profile security exploits that have recently surfaced (including some I have helped author), Novell is slowly beginning to address security in a more proactive way. But they, like most other large commercial software producers, have a long way to go.

Therefore it is important to learn exactly how NetWare servers can be compromised, how easy it is to gain access to the tools to perform intrusions, how the tools work, and how easy it is to patch most holes. It is also important to understand not only the nature of the attacks, but also the nature of potential attackers.

Presenters:

• Simple Nomad - Nomad Mobile Research Centre, author of the Novel Hack FAQ.
  I have been asked why I go by the name "Simple Nomad". The main reason is that my very understanding Fortune 100 employer cares little about what I do outside of work, as long as I leave them out of it. To help keep this agreement, I remain Simple Nomad, a name off of a Ouija board session. Many of my projects and papers are written from the perspective of the unwanted intruder. Why? Because it is simply much more interesting. I remember a movie where some girl didn't like the bank robbers and muggers, but was fascinated with the forger. She felt the forger was an "artist". I guess I see the hacker as an artist to a degree. It's the same mentality that gets us to watch spy movies, and movies about those "rebel" cops who break a few rules to get the job done. Next time you're watching one of those movies or TV shows notice how many times either a law is broken or a civil liberty is stepped on "for the greater good". And remember hackers are no different. They just get the bad press.

Similar Presentations:

• DEF CON 18 (2010) / ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically
• Black Hat USA 2010 / Security is Not a Four Letter Word
• Black Hat USA 2010 / ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically