11.23.08
Another Novell Flaw?
We’ve already seen Novell ignoring alleged security problems, despite reports from users. There have also been some new articles recently about kids that take control of their school’s network, probably thanks to loopholes in Novell’s software. Here is a video that came to YouTube a few hours ago.
If it is not appropriate to have this video in here, we’ll remove it. █
Ian said,
November 23, 2008 at 1:03 pm
From what I can tell, there’s no direct hacks for Novell software in those videos, or the videos it’s responding to. The only flaws or exploits are for local windows machine privs.
Roy, what Novell flaws do you see?
Dan O'Brian said,
November 23, 2008 at 1:11 pm
It looks like you also need to be the network admin with administrator rights on all the workstations to pull this off. Can you say “well, duh?”
Dan O'Brian said,
November 23, 2008 at 1:22 pm
Watching this again, the guy who made the video is showing how /unhackable/ Novell is, not how it /is/ hackable.
The video is disproving what he calls “stupid” people that have supposedly explained how to hack a Novell network.
For example, if you scan to 1:21, he says:
He then goes on to explain what his software is (called Stinger X-Series) which is software that runs on top of the Novell software which helps him dynamically defend against hackers in case they find something he hasn’t secured.
This is not a video showing how insecure Novell is, it is a positive review of Novell.
Dan O'Brian said,
November 23, 2008 at 1:24 pm
Roy: I suggest you finish watching the video and understand what it’s talking about before you make a fool of yourself like you just did.
Roy Schestowitz said,
November 23, 2008 at 3:04 pm
iI already know this because I watched it twice. Compromise of local machines still seems possible. Also see the previous video/post that I link to.
Dan O'Brian said,
November 23, 2008 at 3:08 pm
Uh… how would it be possible? The video doesn’t prove that what you say is possible, it suggests that it isn’t.
The video is in no way shape or form supporting evidence to your claim.
Roy Schestowitz said,
November 23, 2008 at 3:11 pm
Pay attention to the end. Also see:
http://boycottnovell.com/2008/06/01/novell-security-vanity/
biasedUser said,
November 23, 2008 at 3:19 pm
after viewing you web site for months, it is fairly clear that your views are biased by some pathological hate for Novell,? Jealousy.
you post a video that is an advertisement for a company to help secure Novell. They must have liked it enough to put time and energy into developing their product.
Novell is moving away from its netware and here you are in 2008 showing netware, do you have any positive comments about Novell?
what? did they not hire you for some job and you can’t get over it.
Your site becomes more and more irrelevant as your one sidedness blinds you to a number of the positive contributions that Novell provides. Not everyone is Good or Evil. balance it out a bit you will feel better. forgiveness will give you some peace.
Dan O'Brian said,
November 23, 2008 at 3:20 pm
Here’s the end:
As explained in the previous frame, Workstations can only be hacked if the admins are stupid (his words, not mine) and don’t secure them properly (e.g. if the admin allows users to install software or allow users to run software on a USB key or network drive.
Dan O'Brian said,
November 23, 2008 at 3:22 pm
Overall the video you linked is a testament to how secure Novell’s NetWare product is. Afterall, he says it cannot be hacked from the network – only workstations can be hacked and even then, only if the user has physical access to the machine (well, duh).
Roy Schestowitz said,
November 23, 2008 at 3:26 pm
Yes, duh. And see that previous video too.
Jose_X said,
November 23, 2008 at 3:58 pm
I think this got posted to show that, on a Netware setup, there may be some problems somewhere which can be exploited with nessus or with any other tool that might work similarly.
There is also the other link which, unless staged or a lie, would indicate that Netware does have a real problem.
Otherwise, the video does seem to be an ad attempting to sell Netware on its positives.. or else to be an ad of Nessus to show that it could penetrate and otherwise “solid” Netware.
For the real truth, you’ll probably need to know more about Netware. Maybe this video was intended as a joke?
Roy Schestowitz said,
November 23, 2008 at 4:03 pm
To say that this promotes Netware is a little like saying that a Symantec ad indicates that Windows is secure.
Jose_X said,
November 23, 2008 at 4:31 pm
>> To say that this promotes Netware is a little like saying that a Symantec ad indicates that Windows is secure.
I looked over it more carefully, and it does seem the video claims that you can hack the server basically by referencing the other link (JCT).
I skimmed lightly over the actual exploit part the first time because:
– I got distracted by all the noise earlier (that music was awesome),
– I didn’t read the fine print early on,
– I did not realize what JCT was,
– Dan claimed it was about a client side only exploit (pass on the blame, sure),
– everyone else said it was meaningless (…),
– Dan also added that it was a positive for Netware (if you missed some of the crucial details, that is the impression given),
– the blog entry wasn’t that clear over what “JCT” was or the that there was a dependency to that other link in order to understand the exploit,
and (…drum roll…)
– I didn’t bother to look more carefully.
.. excuses excuses.
From the second link, we find out JCT stands for “Jared, Camron, Tarron”. I’m guessing these are the three that discovered this problem.
***
I hope others rebuttle or else silently recognize they made a mistake (as I did) and keep it in mind before the next attack.
biasedUser? Dan?
[Ian] >> Roy, what Novell flaws do you see?
This response I’m writing and the one I left at the other link may help.
Jose_X said,
November 23, 2008 at 4:35 pm
>> I hope others rebuttle or else silently recognize they made a mistake (as I did) and keep it in mind before the next attack.
In other words, before the next inevitable verbal attack on Roy and BN.
Also, there is no need to be silent. A public statement recognizing a mistake would work for everyone.
A *legitimate* rebuttal that doesn’t change the subject would also work.
Dan O'Brian said,
November 23, 2008 at 4:51 pm
Jose: this may be news to you, but if I have physical access to a Linux machine, I can bypass ACL’s too.
Does this make Linux fundamentally insecure? Is this an exploit in Linux? No.
Roy Schestowitz said,
November 23, 2008 at 4:56 pm
I find this laughable. Heck, why not just give kids machines with complete and full privileges because ‘they can be cracked anyway’^TM.
Speaking of which:
http://www.securityfocus.com/archive/1/498471
Kernel vulnerability found in Vista
http://news.cnet.com/8301-1009_3-10106173-83.html
Symantec warned about the new stack back in 2006.
They pulled out BSD code, put in their own garbage.
Priceless.
Jose_X said,
November 23, 2008 at 5:00 pm
Dan, we are talking about compromising other servers on the network from a client where you presumably don’t have rights to do so. Or at least that is my understanding of what Netware blah blah server and the JCT was about.
Dan O'Brian said,
November 23, 2008 at 5:32 pm
Jose: then you very clearly didn’t understand what he was talking about.
He said it’s possible to hack WORKSTATIONS but not the servers.
Do you even know how NetWare client works? You know, the part that runs on top of Windows?
The /server/ runs the NetWare kernel and complete stack. Workstations run Windows and have added security added on top by the NetWare client.
If you have physical access to the machine, you can force it to boot from a USB key, a cdrom, whatever and therefor bypass any ACL’s the system would normally boot with.
You can do the same thing with any Linux box.
The video linked says nothing about the server being hackable from a workstation.
Roy Schestowitz said,
November 23, 2008 at 5:39 pm
Hack or crack? Regardless: bypassing access restrictions by booting or opening up boxes ain’t the same thing as this.
Jose_X said,
November 23, 2008 at 6:13 pm
I don’t use Netware or know much about it.
Here are two questions.
1 — What is Zenworks?
If you watch the end of the JCT detailed video, you’ll see a comment: “… full control over workstation and all Novell services.”
My best guess for the meaning of “Novell services” would be of something provided by the network (meaning, to potentially include servers not on this host), but I suppose it could be talking about client services only.
2 — Can you comment on this “Novell services” thing?
[min 1:33 http://boycottnovell.com/2008/06/01/novell-security-vanity/ ]
Josh Bell said,
November 23, 2008 at 6:53 pm
Jose,
Zenworks is a bunch of products but what I believe this guy or girl is talking about is Zenworks for Desktops. ZfD is a Novell product that distributes applications, allows admins to remote control PCs, and even invetories PCs. Zenworks allows and admin to find a user no matter where they are on the network.
The Novell services he is talking about are those services that run on top of a Windows workstation not the NetWare server itself. The NetWare server itself can be secured a number of ways from using Secure.ncf which disables unloading DOS from memory, hence making it much more difficult to reboot the server by typeing the down command, will only allow you to load Netware loadable modules from the system path, making it difficult if not impossible for someone to put something on the server that shouldn’t be there and other security measures.
You can buy third party products that will secure the console so unless you know the admin password you can’t get on the console to reboot it. You can set bios passwords so that even if the server reboots unless you know the bios password you can’t go further.
What do you do to secure you Linux boxes? How do you harden them. The same things work on NetWare boxes.
Jose_X said,
November 23, 2008 at 7:42 pm
Josh, what does “admin” mean. Admin just for that box? If so, then that is a client only issue.
However, if “admin” allows you to access services anywhere on the network as “admin”, then this is a real flaw either in the auth part of the protocol (for giving “admin” rights to a client that didn’t authenticate legitimately) or in part of the implementation.
Ian said,
November 23, 2008 at 7:57 pm
Jose,
From what I could gather from the video, it was for the local windows machine. Every eDirectory tree is created with an admin user, literally named “admin”. That user by default has all rights to the directory tree, all NCP resources, and Novell NSS and TFS storage. There is no direct connection between a Windows local Administrator account and an eDirectory admin account, none. Having admin rights on the network doesn’t necessarily mean you have admin rights on the local machine(zenworks dynamic local users aside) and conversely, having administrator rights doesn’t mean you have admin rights “on the network”.
This isn’t a Netware exploit, it’s a windows exploit. The computing.net thread followed up by one of the preceding videos has no mention of remote exploits, just social engineering about getting server room access. And even that won’t help you because even if you have direct access to a Novell server console, you can’t make any eDirectory and/or password changes without having the admin password anyway.
The title of this post should be fixed to read this way: “Another Novell Flaw? No.”
Josh Bell said,
November 23, 2008 at 8:01 pm
For the video purposes it means admin rights on the box. Similar to Linux there is a root type account called admin that has authentication rights to everything. Just like a network admin knows the root passwords or the LDAP password that is used on Linux on the network admin knows the “admin” password to the entire e-Directory tree.
Part of the reason the video explicitly states you need the teacher’s disk is you need more rights than a general student and if the network admin has any experience that still wouldn’t be enough rights to do any damage.
G. Michaels said,
November 23, 2008 at 8:02 pm
Sorry, this is patently (hah) ridiculous. Roy, did you actually watch and understand the whole thing?
Note: writer of this comment adds absolutely nothing but stalking and personal attacks against readers, as documented here.
Ian said,
November 23, 2008 at 8:09 pm
I think the problem is a lack of basic technical knowledge by Roy as it relates to this issue and how Novell network, specifically edirectory rights, actually works. Couple that with the fact that the videos preceding the posted videos don’t actually make much sense with the mentions of “novell networks” and you get a murky message.
Roy, I think you jumped the gun before you had a full understanding of what it meant.
G. Michaels said,
November 23, 2008 at 8:15 pm
But in true Fox News style, appending a question mark to the end of the headline gives him enough wiggle room to claim he’s just “informing” people.
Evangelism at its best.
Note: writer of this comment adds absolutely nothing but stalking and personal attacks against readers, as documented here.
Jose_X said,
November 23, 2008 at 8:28 pm
>> This isn’t a Netware exploit, it’s a windows exploit.
OK. As I said, I assumed it was related to the network because of the terminology used and the fact I am not familiar with Netware/Zenworks/etc.
If it is just client side, then.. well, the problem there is XP of course.
Jose_X said,
November 23, 2008 at 8:32 pm
>> If it is just client side, then.. well, the problem there is XP of course.
FWIW, I don’t know enough to say that. I was just playing around.
Dan O'Brian said,
November 23, 2008 at 8:40 pm
Jose: See what happens when you *assume*?
That’s the problem with this website, it makes assumptions all of the time which are simply not true.
A little research would have gone a long way toward protecting you from making a fool of yourselves, but you stubbornly refused to spend any time in doing any. As always.
Jose_X said,
November 23, 2008 at 8:58 pm
>> A little research would have gone a long way toward protecting you from making a fool of yourselves, but you stubbornly refused to spend any time in doing any. As always.
I don’t tend to feel like a fool, sorry to disappoint.
I stated I don’t use Netware. I had to make assumptions.
Even what I spoke of others possibly being wrong, I more than recognized that no surefire argument had been given my me. How could it since I started off by saying my information was very limited?
Even now, I am taking the word of those posting here who claim they know better. No one has proved anything; however, I have no reason to doubt what little has been said by them because I know even less when it comes to Zenworks.
I know how Kerberos works. I have no clue about any Netware products.
Josh Bell said,
November 23, 2008 at 9:06 pm
Jose,
I’ve been using NetWare and it’s related products for over 20 years. Last year was my first using the Linux related products. I’ve been using Linux products for about 3 years or so.
Jose_X said,
November 23, 2008 at 9:35 pm
Like I said, I have no reason to doubt. Please don’t take my healthy skepticism personally (same thing, Dan and anyone else). It’s a defensive mechanism. If “I” don’t know, I have to be wary. You might be the most knowledgeable and honest person I will ever come across, and I doubt I will realize it.
Dan O'Brian said,
November 23, 2008 at 10:09 pm
Jose: and Roy knows even less than you do, but that didn’t stop him from making a fool of himself because he didn’t take the 5-10 minutes it would have taken to do some preliminary research would have prevented his mistake.
We see this over and over again, this isn’t the first time Roy has made a blunder and it won’t be the last. Nearly every post he makes has such blunders.
It should be embarrassing to him, but alas he keeps repeating his mistakes over and over.
Josh Bell said,
November 23, 2008 at 11:05 pm
Jose,
At the very least you admit when you don’t know something. It’s fine to be skeptical especially when you never used something and you don’t know me or most anyone else personally. I’m not taking anything personally on this site. I think FUD begats FUD. This site has become nothing more than a tabloid with blatant inaccuracies such as this piece and piecemeal reporting at best with many things taken out of context.
As many have said this is Roy and Shane’s site and they can say what they want. However, there have been numerous occassions where Roy especially has been called out and then has to backtrack and doublespeak to get out of the hole he dug.
Roy Schestowitz said,
November 24, 2008 at 3:22 am
The post only asks a question. Thank you for the answer.