<<BE WARNED, THE FOLLOWING POST MAY SEEM SOMEWHAT POINTLESS>>

I've recently quit my steady, full-time, well paying, benefit-loaded job as a Sherwin-Williams "sales-associate" (delivery driver was basically my job-description, but hey, every position's got a title, right?) to pursue a part-time, low-paying, no-benefit job at the university that I currently attend (www.utpb.edu). I did this for two reasons...

(1) I'm a HUGE procrastinator (just look at my signature...), and after Halloween, this semester's major assignments and exams jumped out of nowhere and bit me in the ass... I had to make a choice between making the grades or making the paycheck - I chose grades (which was a very poor decision in short-term retrospect (...so...hungry...))

(2) I was offered a job : "lab-assistant" of the Computer Science Research Lab. The "lab-assistant" is essentially the network administrator of the Computer Science subnet (cslab.utpb.edu)

I was offered this job because:

(a) I am one of the more "conceptual" cosc students (meaning that I actually do my homework rather than download it ), and I spend more time at the lab than I do at my house...

(b) My topic of research this semester was "Sun lab security." So that I could complete my research sufficiently, I was given full administrative privileges... I pointed out some (very obvious) vulnerabilities in the network, but more importantly, restored the lab to functionality... http://204.158.158.14/current/cs4395-team5/index.html

Anyway...

During my research presentation tonight, I pointed out the fact that one of the two Sun servers on the network allowed a telnet login with a weak username and password (username: student passwd: student).

I made the argument that if a malicious hacker (or student) found the open port 23 by running a simple port scan, and then ran a quick "whois" on the IP (which would show "University of Texas of the Permian Basin UTPB-REACH (NET-204-158-144-0-1)", then the student/student combination would be relatively easy to deduce...

I then made a bold statement: "...once the malicious user has even limited access, then it is relatively trivial for them to create a script to find the root password via a dictionary attack..."

No one questioned me, but after the presentation, I started to wonder whether or not this was as easy as I'd led everyone to believe. After much "googlin'," I was unable to come up with a single page that discussed such an exploit. However, it seems that something like this would be relatively easy to implement... though I'm not sure exactly how it would be... does anyone else???

Anyway, sorry about going on and on and on... it's late and I'm a little faded...

-Wiski