Re: Unsecured Server?

by "The Web Center" <admin(at)webctr.com>

 Date:  Sat, 20 May 2000 13:51:03 -0400
 To:  "Michael Jon Muehlendorf" <haoka(at)wi.tds.net>
 Cc:  <hwg-servers(at)hwg.org>, "DLF" <donna(at)webctr.net>
 References:  tds
What ISP is this?  Don't worry...they almost never send hit squads after you
for exposing them...:).

PS: I have never heard of such a thing, and have to wonder if the person who
handled your call got fired.  I will be interested in the development of
this thread...

D


The Web Center
www.webctr.com
admin(at)webctr.com
1/877.349.3230
1/716.349.3230

Web Development Services
----- Original Message -----
From: Michael Jon Muehlendorf <haoka(at)wi.tds.net>
To: <hwg-servers(at)hwg.org>
Sent: Saturday, May 20, 2000 11:33 AM
Subject: Unsecured Server?


Hello List!

Good day to you all. I would like to describe a problem that I have
encountered with my ISP. They are a very large provider, but they seem to
be refusing my email queries regarding this problem. Here goes:

On Wednesday, May 17, 2000, I received a call from a friend who informed me
that his children have been accessing his user account (we have the same
ISP) using any password that they chose to type in. I was a bit taken
aback, and wondered if some new feature of Win98 locked in the "correct"
password, and then automatically substituted this "correct" password for
whatever was typed in at the prompt. It didn't really make sense, but I
couldn't really imagine a problem on the ISP end of the loop. He told me
that they had been doing it for several days. So, I fired up the box, typed
gibberish into the password field for my logon script, and BANG, I was in.
I tried it 4 or 5 times, with the same results.

Needless to say, this was very upsetting. I promptly called my ISP's
support line, and spoke with one of their techies. After I explained what
was happening, I heard her sort of gasp, and then she asked me, "Are you
joking?" I said that I wasn't. She asked me to hold while she called the
engineers on another line. When she returned to my call, this is what she
said: "No one was aware of this problem. However, sometimes, when many
users are having trouble logging in, they intentionally place the
authentication server into *promiscuous mode.* They are fixing the problem
as we speak", she said, "and I will give you a call-back when it is
resolved." She called me back in about 15 minutes and told me that the
authentication server had gone into this promiscuous mode on Sunday
morning, May 14, and had been running that way since then, but that the
problem was fixed, that they were sorry for any inconvenience, and that it
would never happen again.

Well, I was already imagining all sorts of scenarios...my email being read,
passwords being stolen out of my email messages, etc. etc. etc. By this
time, I was getting VERY upset. I emailed 4 of their possible 7 contact
addresses, explaining what happened, and asking them one question:

"Is it (provider's name)'s intention to continue using this 'promiscuous
mode' to solve login problems?"

I had received NO responses by yesterday (Friday) so I emailed them again,
asking the same question, and asking if I should call their corporate
offices to see if I could get an answer. I still have no word from them.

So, I guess my question to the list is, is this a common practice with
authentication servers? And, if it is, how is it that it can go into this
mode all by itself, and remain in that mode for 4 days without being
noticed? Any feedback would be greatly appreciated, because I am beginning
to feel that they placed my account at risk through their negligence.

TIA,

Mike

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA