Due on Wednesday, September 15 by 11:59pm


Turn-in instructions: Put a printed copy of your responses in my mailbox in the CS common area in TCL. I will not accept handwritten responses.

Optional, for this one assignment: use a LaTeX template. Convert to PDF with:
    $ pdflatex reading01.tex
You will need to install TeXLive on your personal computer to build LaTeX documents: macOS, Windows, Linux. CS Lab machines already have TeXLive installed.

  1. Explain the emacs “movemail” bug. Stoll’s description is light on detail, so you will need to do a little research (e.g., using Google) on your own. Be sure that your answer uses the words “setuid” and “privilege escalation”.
  2. On page 40, Stoll notes that the hacker accessed an encrypted password file. First, what is an encrypted password file? Second, why is or why isn’t the hacker’s access of this file a cause for concern? Refer to the official password file documentation for Linux (i.e., the password file “man page”) and note that The Cuckoo’s Egg takes place in the “good old days.” If you use any jargon in your answer (e.g., “crack”), be sure to define it. Be prepared to do a little digging to provide a good answer.
  3. Here is an entry in the /etc/shadow file for a modern computer on which I have an account:
    dbarowy:$6$Yvba7lX/suhF9Ahd$wbJ0hEVyDhZtli8h6xjV0OtF5i4DHNUsUw0FRpBw.W1tf9v/mAmEa/gyew2ggwsGwbFAt6EiWnMxaezfz4nAQ/:18439:0:99999:7:::
    lxd:!:18439::::::
    

    What encryption algorithm is being used to obscure my password, and is it a “trapdoor” function or something else? You will need to find the appropriate man page to answer this question.

  4. Stoll notes that the computer running on the network address 26.0.0.113 belonged to the US Department of Defense. Who owns it now? Use the whois tool to answer.
  5. Suppose you want to “trace” the path that data takes between your own computer and another computer at a given address. You can use a traceroute tool to perform this task. What networks do connections from your computer to 26.0.0.113 cross? Assume your computer is in New York, NY. You will need to use the whois tool above to find network names. What do you think the output ??? means?
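
For question 3, an added example (not part of the original assignment): a small Python parser for the nine colon-separated fields of a shadow(5) line, run on constructed entries whose numeric fields mirror the ones shown above. The names `ShadowEntry`, `parse_shadow_line` and `parse_shadow` and the salt/hash placeholders are assumptions; the parser reports the scheme id but leaves mapping it to a hashing method to crypt(5).

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

EPOCH = date(1970, 1, 1)  # shadow(5) dates are counted in days since this day

# Constructed sample in shadow(5) layout; salt and hash text are placeholders.
SAMPLE = (
    "alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18439:0:99999:7:::\n"
    "svc:!:18439::::::\n"
)

@dataclass
class ShadowEntry:
    user: str
    locked: bool                 # field starts with '!' or '*': no password is accepted
    scheme_id: Optional[str]     # text between the first two '$'; see crypt(5)
    last_change: Optional[date]  # None when the field is empty or 0
    must_change_now: bool        # last-change field holds the special value 0
    expires_on: Optional[date]   # last_change + maximum age, when both are set

def _num(field: str) -> Optional[int]:
    # Empty numeric fields mean "not set", so keep them distinct from 0.
    return int(field) if field else None

def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    user, pw, last_chg, _min, max_age, _warn, _inact, _exp, _reserved = fields
    locked = pw.startswith(("!", "*"))
    parts = pw.split("$")
    scheme_id = parts[1] if pw.startswith("$") and len(parts) >= 3 else None
    days, limit = _num(last_chg), _num(max_age)
    must_change_now = days == 0
    changed = EPOCH + timedelta(days=days) if days else None
    expires = changed + timedelta(days=limit) if changed and limit is not None else None
    return ShadowEntry(user, locked, scheme_id, changed, must_change_now, expires)

def parse_shadow(text: str) -> List[ShadowEntry]:
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for entry in parse_shadow(SAMPLE):
        print(entry)
```
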
  • CSCI 331: Introduction to Computer Security, Fall 2021
