Due on Wednesday, September 15 by 11:59pm

Turn-in instructions: Put a printed copy of your responses in my mailbox in the CS common area in TCL. I will not accept handwritten responses.

Optional, for this one assignment: use a LaTeX template. Convert to PDF with:
$pdflatex reading01.tex You will need to install TeXLive on your personal computer to build LaTeX documents: macOS, Windows, Linux. CS Lab machines already have TeXLive installed. 1. Explain the emacs “movemail” bug. Stoll’s description is light on detail, so you will need to do a little research (e.g., using Google) on your own. Be sure that your answer uses the words “setuid” and “privilege escalation”. 2. On page 40, Stoll notes that the hacker accessed an encrypted password file. First, what is an encrypted password file? Second, why is or why isn’t the hacker’s access of this file a cause for concern? Refer to the official password file documentation for Linux (i.e., the password file “man page”) and note that The Cuckoo’s Egg takes place in the “good old days.” If you use any jargon in your answer (e.g., “crack”), be sure to define it. Be prepared to do a little digging to provide a good answer. 3. Here is an entry in the /etc/shadow file for a modern computer on which I have an account: dbarowy:$6$Yvba7lX/suhF9Ahd$wbJ0hEVyDhZtli8h6xjV0OtF5i4DHNUsUw0FRpBw.W1tf9v/mAmEa/gyew2ggwsGwbFAt6EiWnMxaezfz4nAQ/:18439:0:99999:7:::
lxd:!:18439::::::

What encryption algorithm is being used to obscure my password, and is it a “trapdoor” function or something else? You will need to find the appropriate man page to answer this question.

4. Stoll notes that the computer running on the network address 26.0.0.113 belonged to the US Department of Defense. Who owns it now? Use the whois tool to answer.
5. Suppose you want to “trace” the path that data takes between your own computer and another computer at a given address. You can use a traceroute tool to perform this task. What networks do connections from your computer to 26.0.0.113 cross? Assume your computer is in New York, NY. You will need to use the whois tool above to find network names. What do you think the output ??? means?
• CSCI 331: Introduction to Computer Security, Fall 2021

CS 331 course website