[LINK] 'NSW MP's Workstation had Network-Scanning Software'
Tue, 4 Sep 2001 09:22:05 +1000
SMH reports an interesting leak from the report on the NSW MP's machine.
I believe in a considerable degree of freedom of workstation use for
employees (e.g. private email, lookups of white pages, shopping in
the lunch-hour, and constraints on monitoring, and on logging, and on
uses of logs by employers).
But I'm not sure that I see employee freedom to install
network-scanning software on their workstation as being all that
(Okay, this relates to an MP, who is a representatives, not an
employee, But I haven't thought about it in *that* context before
IT blamed for secret downloads
[No, I don't know what the sub-editor thought the heading meant
either. Maybe 'IT' is now a sentient being, capable of being
The Sydney Morning Herald
By Robert Wainwright, State Political Correspondent
The eSec report, part of which has been obtained by the Herald,
concluded: "A computer in the office of The Hon. Tony Kelly MLC
appears to have been used to download, install and run computer
security tools that assist in identifying poorly protected shared
directories under the Windows File Sharing function.
"Two of the tools (LANguard and Cerberus Webscan) are
network-scanning tools that assist in identifying vulnerabilities in
a computer operating system that may then be exploited through other
"In the case of LANguard, which is capable of identifying Windows
Share passwords through a brute force guessing approach, the only
tool required to exploit the vulnerability is Windows Explorer."
The report said LANguard was installed at 9.33pm on July 20. Over the
next two hours, someone began using the software to scan as many as
150 computers in the Parliamentary network.
"Although there is no way to be sure that the scan was completed, it
would take the application approximately 45 minutes to run the scan,
assuming that 150 computers were located and that a detailed scan of
each computer was conducted.
"If the scan was completed, the likelihood of a computer with a
shared directory with no passwords, or a weak password, being
identified is significant.
"Due to the number of security related tools that were located during
the analysis it is reasonable to conclude that a person with an
interest in computer security operated the computer at various times,
including as recently as July 20, and that the computer was used to
launch scans within the PNSW network.
"It is not possible to determine the identity of that person based on
the information contained on the computer."
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
Visiting Fellow Department of Computer Science
The Australian National University Canberra ACT 0200 AUSTRALIA
Information Sciences Building Room 211 Tel: +61 2 6125 3666