Страница 19 из 75
"Well, that wasn't so difficult," Joa
David bounded up the stairs with a broad smile baked on his face. He was a tall, athletic African American. After a moment's hesitation, he gave her a big hug. "How you doing, girl?" he said.
"Just fine," Joa
"Man, what a surprise to hear from you. You look good, real good!"
"You too," Joa
"Just a little older and a little wiser," David said with a laugh. "And I'm happy to report the old jump shot's still going down fine. But you look different. In fact you look younger. How can that be?"
"You're just trying to flatter me," Joa
"No, really!" David persisted. He moved from side to side to view Joa
"Come on!" Joa
"No need to be embarrassed," David said. "You look terrific. And now I know what it is. Your hair; it's short. I'm not sure I would have recognized you if I had bumped into you on the street. You look like you're sixteen."
"Oh, sure!" Joa
Joa
"No problem," David said. "We'll make up for it on another occasion. Now I know you ladies must be tired just getting back from Italy and all, so why don't we get right down to business." He peeled off his jacket made of black parachute fabric. From his pocket he produced a handful of floppy discs and held them up. "I brought along some tools, including my brute force password-guessing program. Where's your machine?"
A few minutes later David had the computer booted up and onto the Wingate Clinic's web page. With a rapidity that made Deborah blink, David browsed around the site. His fingers moved like a concert pianist across the keyboard. "So far so good,' he reported.
"Can you tell me what you are doing?" Deborah asked.
"Nothing yet," David said as he continued his surfing. "Just checking things out and looking for obvious holes in their firewall."
"Do you see any?"
"Not yet, but they're there."
"How can you be sure."
"One of the roles of a website is to provide the world with access to the organization's network. Here you can see the Wingate Clinic has it set up for people to send in health-related data and to get information back. Any time there is such an exchange there's the possibility of unauthorized access. In fact, in general, the more interactive a site is, the easier it is to hack. In other words, the more traffic, the more holes."
Deborah nodded but she wasn't sure she understood. Her use of computers was restricted to her biological research work, using the Internet as a resource, and sending E-mail.
"But what about passwords?" Deborah questioned. Whenever she used the computer in the lab, she had to enter her password, which only she knew. "Don't those keep people out?"
"Yes and no," David said. "That's supposed to be the idea, but it doesn't always work like it should. A lot of network managers are lazy and they never change the manufacturer default passwords, so that narrows down what has to be tried. Also with a www. server there's no limit to how many attempts you can make, so we can try a brute-force password-guessing program like the one I brought with me."
Deborah rolled her eyes for Joa
"I can't imagine it's too much fun for the people being hacked," Joa
"It's usually pretty i
"It would have been a lot easier if the clinic saw it that way," Joa
All at once David stopped typing. He stroked his beard thoughtfully. "Well, I have to give credit where credit is due. Seems like a pretty tight site. Certainly no glaring holes. In fact it seems to me to be fairly sophisticated. They've got an authentication server. Does this organization have a lot of bucks to throw around?" "That would be my guess," Joa
"I'm getting the feeling we're up against some pretty good security here," David said, "which means we'll have to get more sophisticated ourselves."
"What is it exactly that you would like to be able to do?" Deborah asked.
"I'd like the web server to recognize and authenticate us," David said. "Then we'd have the run of all their files. What I'm going to try now is to fill up the buffer on their new patient form and see if I can throw in some assembly-level commands in the space after the buffer to Bypass the authentication. It's like riding in through the CGI on the patient-form coattails."
"Could you tell me that in English?" Deborah said.
David looked up to Deborah's face. She was watching over his left shoulder. "I was actually simplifying the process when I just described it."
"Fine1." Deborah said, pretending to be irritated. "If that's the case, then I'll take myself over to the couch and lie down. I'll let you two computer wizards attend to business."
David looked up at Joa
Joa
"What do you think, Deborah?" Joa
"I'm willing to leave it up to you," Deborah said. "I'm curious, obviously, but not as curious as you."
"Then let's do it," Joa
"Right on, baby1." David said gleefully as he rubbed his hands together in anticipation of the challenge. He cracked a few of his knuckles before bending to the task. Again his fingers flew over the keyboard. The sound was like a continuous clatter rather than individual strokes. Images flashed on the screen in rapid succession.
After more than thirty minutes of intense concentration, David halted. He took an exasperated deep breath while flexing his fingers in the air.
"It's not working, is it?" Joa
"I'm afraid not," David said. "This is no Mickey Mouse setup that I can assure you."
"What do you propose?"
David looked down at his watch. "This might be a long process. It's a more secure site than I would have imagined, and it's not letting me sneak in any commands whatsoever. I thought we were dealing with a Windows NT environment but it now looks like a Windows 2000 with Kerberos."
"Is Kerberos the authentication method developed at M.I.T.?" Joa
"You got it," David said.
"So what's your bottom line suggestion as the easiest way to get the information we want?"