Welcome Guest. | Log In| Register | Membership Benefits


Satan's Surprise

A glitch in the security tool may make hosts vulnerable to break-ins

By Clinton Wilder
Issue date: April 24, 1995

In its first week as freeware on the Internet, the controversial security tool called Satan had a surprise for fans, foes, and even its co-creator. Fears of widespread hacker break-ins due to Satan (System Administrator Tool for Analyzing Networks) went unrealized, but Net security experts discovered that running the Satan program to analyze the security of a network could, in r are cases, actually help to open a network to outsiders.

The Computer Emergency Response Team (CERT) at Carnegie-Mellon University in Pittsburgh, which monitors Internet security, issued an advisory April 10 warning that Satan, when run with certain World Wide Web browsers (including Netscape and Lynx, but not Mosaic) on a local or wide area network, could expose that Satan host to intrusion from another Web site.

Satan co-author Dan Farmer posted a new version (Satan 1.1) on the Internet the next day. The updated version tightens Satan's security and warns users of the potential for vulerability.

The glitch renewed the debate about Farmer's decision to freely distribute the network-probing program. "Many people are connected who [don't understand] systems administration," says Herb Morreale, president of XOR Network Engineering Inc., an Internet service provider in Boulder, Colo.

Farmer released Satan on April 5. The glitch that CERT warns ab out can occur if users move immediately from a session running Satan on their network to browsing the Web without first quitting their browser. And even then, that user must immediately go to a site that happens to be using a specific data-capturing application.

The glitch can be avoided through some simple efforts, such as exiting the browser at the end of every Satan session or by using a browser that isn't affected, such as Mosaic. No security breaches were reported as a result of the Satan glitch, according to CERT spokesman Terry McGillen.

Although Farmer admits that the glitch was an oversight, he angrily accuses CERT of making a mountain out of a molehill.

with additional reporting by Mitch Wagner and Jason Levitt

Comments on this story?