Everhart,Glenn

From: Mark (Mookie) [mark@ZANG.COM]
Sent: Thursday, April 23, 1998 10:20 AM
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Have Crackers Found Military's Achilles Heel?

>>From what I can see, the DISA DEM software was/is publically available
>at http://tcoss.safb.af.mil/common/HTML/DSC_support.htm (the link is
>broken though).

>No wonder the feds didn't bother to come after them ;-)

By the looks of ftp://tcoss.safb.af.mil :

220 tcoss2 Microsoft FTP Service (Version 3.0).
Name (tcoss.safb.af.mil:root): ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 Anonymous user logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
11-20-97 05:16PM ActiveX
01-27-98 02:47PM disd
04-15-98 09:00PM Disn-W
03-12-98 08:33PM DITCO
04-14-98 01:45PM 0 dspd8.tmp
04-17-98 12:20PM MCI_TCOSS
04-23-98 06:59AM PDCBOOK
03-24-98 08:10PM R&R
04-15-98 06:52PM TSRE
11-20-97 05:27PM WinFrame
ftp> cd Disn-W
550 Disn-W: Access is denied.

So it appears the "highly technical crack team" just ftp'd the software.
Wow. They fixed the perms on the dir last week.

And what they got:

A software tool set called DEM (Visual Basic Programming based) melds the
day to day network operations and maintenance efforts. DEM provides the
entire RAVN team with a user friendly/graphical based set of tools that
allow real-time network access for monitoring, control, re-configuration
and testing of the critical pieces of hardware/software that make up the
composite RAVN architecture. Both RIMS and DEM data bases are hosted on a
stand alone RAVN server operated and maintained by NTAC personnel. The
server is accessible via a Local Area Network connection and supports up
to 25 simultaneous users.

Sounds rather useless unless you have the databases of network equipment
and device authentication parameters.

Cheers,
Mark
mark@zang.com