Cuckoo's Egg Report

Wirth 1

In 1-2 pages (a paragraph or so for each item), describe your top 3 security-related takeaways or security insights you noted while reading the book. These insights can be about anything you noted in the story (chocolate chip recipes do not count, though) whether it is about technology, investigative/(pre)forensic techniques—technical or otherwise, preventative, reactive, collaboration (or lack thereof) between entities/organizations/groups, etc.

1.

An insight that I really enjoyed reading about, and which also made the concept very clear to me, was in chapter 2, pages 12 – 13. In these pages Cliff explains how the computer’s operating system splits the hardware resources by comparing it to apartment housing. He goes on to explain that users eat up system resources (math problems, sending emails, writing a letter, etc.) the same way residents use resources (watching TV, talking on the phone, washing dishes, etc.). He also talks about how privacy within apartment housing is regulated by locks and keys, the same way computers are regulated by passwords. Computers need super-users, and apartments need superintendents.

2.

Inside chapter 3, pages 20 – 21, Cliff has a run-in with the hacker on a port by the name of tt23. Cliff’s dilemma was to figure out which physical wires corresponded to the logical name tt23 to try and find the location of the hacker. This chapter stuck with me because it demonstrated how technicians might go about finding a threat within their system. It also gave a lot of information on how ports and baud connections worked.


3.

Between pages 44 – 47 in chapter 7, Wayne and Cliff are discussing what the hacker could do with the stolen password file. Wayne explains to Cliff that the hacker only obtained their names because every password in their system is encrypted by a trapdoor algorithm. This chapter caught my eye because, unlike the other two takeaways, I already had a pretty good understanding of how encryption works because of this course. However, I still found it very interesting how the plain text password isn’t compared, but its encryption is, which gives their system another layer of security.

Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity, availability, and accountability.

To briefly explain the four security tenets:

- Confidentiality is a set of rules that limits access to information.

- Integrity is the assurance that the information is trustworthy and accurate.

- Availability is a guarantee of reliable access to the information by authorized people.

- Accountability is the traceability of actions performed on a system to a specific system entity.

The cuckoo’s egg exploit bypassed all four of these tenets. The hacker broke into a secured system that only authorized people may have access to, which breaks the confidentiality and availability tenets. The hacker then proceeded to take over old accounts to modify files as super-user, which breaks integrity. He also took precautions to erase any clues of him being within the system, which breaks accountability.


Choose and answer any 4 questions below:

1. On what did he record the suspected hacker’s activity?

On a 1200-baud Decwriter strewn together with four dozen obsolete teletypes and portable terminals. He also started a logbook on the hacker: “If you don’t write it down, it didn’t happen.” (Chapter 4, Page 20)

2. How did Cliff first record the suspected hacker’s activity?

He watched the traffic between the modems and computers. The modems converted the tones of a telephone into electronic pulses. He then wired printers, teletypes, and portable computers to these lines, recording every keystroke that came through. They would then print out information that Cliff could analyze. He also had help from a communications company by the name of Tymnet, which interconnected computers in major cities over a network. (Chapter 4, Pages 18 – 20)

3. Explain a technology/technique Cliff used to keep the hacker from getting any serious access on certain occasions.

During the Trojan horse program, before the hacker could run his program, Cliff changed one line in it, making it look like the hacker made a trivial error. Then he “diddled” a couple of system parameters, slowing down the system so that the hacker would need time to rebuild his program, allowing enough time for Cliff to respond to the attack. (Chapter 9, Page 40)

4. What was the one action the hacker always did that alerted Cliff that it was the hacker?

The hacker would always become super-user by crawling through the Gnu-Emacs hole on Sventek’s account, or any other account that hadn’t been used in a long time. There are many instances of this, but I will cite (Chapter 11, Pages 68 – 69).
