Cuckoo's Egg Report
In 1-2 pages (a paragraph or so for each item), describe your top 3 security-related
takeaways or security insights you noted while reading the book. These insights can be
about anything you noted in the story (chocolate chip recipes do not count, though)
entities/organizations/groups, etc
1.
An insight that I really enjoyed reading about, which also made the concept very clear to me, was
in chapter 2, pages 12 – 13. In these pages, Cliff explains how the computer’s operating system
splits the hardware resources by comparing it to apartment housing. He goes on to explain the
way users might eat up system resources (math problems, sending emails, writing a letter, etc.)
the same way residents use resources (watching TV, talking on the phone, washing dishes, etc.). He
also talks about how privacy within apartment housing is regulated by locks and keys, the same
way computers are regulated by passwords. Computers need super-users, and apartments need
superintendents.
2.
Inside chapter 3, pages 20 – 21, Cliff has a run-in with the hacker on a port by the name of tt23.
Cliff’s dilemma was to figure out which physical wires corresponded to the logical name tt23 to
try and find the location of the hacker. This chapter stuck with me because it demonstrated how
technicians might go about finding a threat within their system. It also gave a lot of information
3.
Between pages 44 – 47 in chapter 7, Wayne and Cliff are discussing what the hacker could do
with the stolen password file. Wayne explains to Cliff that the hacker only obtained their names
because every password in their system is encrypted by a trapdoor algorithm. This chapter
caught my eye because unlike the other two takeaways, I already had a pretty good
understanding of how encryption works because of this course. However, I still found it very
interesting how the plain text password isn’t compared, but its encryption is. Which gives their
Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity,
entity.
The cuckoo’s egg exploit bypassed all four of these tenets. The hacker broke into a secured
system that only authorized people may have access to, which breaks the confidentiality and
availability tenets. The hacker then proceeded to take over old accounts to modify files as
super-user, which breaks integrity. He also took precautions to erase any clues of him being within the
On a 1200-baud Decwriter strewn together with four dozen obsolete teletypes and portable
terminals. He also started a logbook on the hacker: “If you don’t write it down, it didn’t happen.”
He watched the traffic between the modems and computers. The modems converted the tones of a
telephone into electronic pulses. He then wired printers, teletypes, and portable computers to
these lines, recording every keystroke that came through. It would then print out information that
Cliff could analyze. He also had help from a communications company by the name of Tymnet
which interconnected computers in major cities over a network. (Chapter 4, Pages 18 – 20)
3. Explain a technology/technique Cliff used to keep the hacker from getting any serious
During the Trojan horse program, before the hacker could run his program, Cliff changed one line
in it, making it look like the hacker had made a trivial error. Then he “diddled” a couple of system
parameters, slowing down the system so that the hacker would need time to rebuild his program.
This allowed enough time for Cliff to respond to the attack. (Chapter 9, Page 40)
4. What was the one action the hacker always did that alerted Cliff that it was the hacker?
Wirth 4
The hacker would always become super-user by crawling through the Gnu-Emacs hole on Sventek’s
account, or any other account that hadn’t been used in a long time. There are many instances of