
Breaking into ASOS - kencausey
http://www.os2museum.com/wp/breaking-into-asos/
======
outime
When reading the title I literally thought someone managed to break into
asos.com (the clothing store) as the branding itself is also in capital
letters and everything.

~~~
benbristow
Was just about to post the same comment.

------
EvanAnderson
The VisionFS SMB server referenced in the article has some interesting
history:
[http://www.rogerbinns.com/visionfs.html](http://www.rogerbinns.com/visionfs.html)

------
0x0
Even if F8 didn't exist, maybe it would be possible to just open the hd image
in a hex editor and search for the "QUIET=true" string and patch it out?

~~~
p_l
The option probably refers to kernel compilation option, which might just as
well remove the code printing messages altogether.

~~~
0x0
The link for the option goes to a page that talks about editing
/etc/default/boot, that's why I thought maybe it could be found with a hex
editor on the disk image :)

~~~
p_l
It used to be a common thing to recompile, at least partially, the kernel
image for your specific deployment, instead of having what some called "table-
driven OS".

Ultimately I say I prefer today's modular linux, though ZFS module allowing
editing of parameters after boot pushes it a bit further :D

------
Tepix
I wonder how secure it would be to put some ancient super obscure system on
the internet these days. Ideally with a CPU with an obscure instruction set.

All standard exploits would fail. Just make sure you don't have a shell
escape, shell commands would work of course.

~~~
chx
As the classic
[https://www.usenix.org/system/files/1401_08-12_mickens.pdf](https://www.usenix.org/system/files/1401_08-12_mickens.pdf)
notes:

> Basically, you’re either dealing with Mossad or not-Mossad.

Applied here: your system would be quite secure because most attacks are just
automated robots trying a known set of exploits. The moment someone actually
takes a shine to you, you are doomed as the system will be absolutely rife
with all sorts of secholes which can be figured out by obtaining a copy and
running a modern fuzzer against it.

We follow the same train of thought, on SSE I suggested using a Sunfire
machine to examine unknown USB sticks for similar reasons -- even if someone
tries to espionage on a company, the chances of them creating a malicious
stick which works an exploit on an ancient SPARC machine is extremely small
[https://security.stackexchange.com/a/103192/2429](https://security.stackexchange.com/a/103192/2429)

~~~
kjeetgill
Now that they've read this post I'm sure they're firing up a few Sunfire
machines for exploit development as we speak.

~~~
chx
Sunfire, DEC AlphaStation, SGI Fuel, iMac G3... the list is probably not
endless because USB only appeared at the tail end of non-x86 desktop
availability, still it's not a small list. Various routers as well...

------
raverbashing
Interesting. That looks like some quaint parallel world

I'm surprised that /etc/shadow was already a thing (ok 1999 is not that old)
but that rwroot device I'm not sure what it can be.

The custom bootloader is "funny" but that would be expected for a proprietary
Unix

~~~
cstross
/etc/shadow was a thing on SCO Unixen as far back as 1991, to the best of my
memory (and maybe sooner -- but not Xenix, which was System 7 based and
discontinued after 1991).

------
yjftsjthsd-h
Interesting that the passwd file contains actual users; I wonder if that's
actual users of the appliance, or developers who weren't pruned when they
shipped the image.

