(no subject)

English amnesiac may be French porn star

VANCOUVER - A man who tried to convince Canadian authorities he was an uppercrust Englishman suffering from memory loss, may in fact be a gay porn star from France.

The bizarre tale began when a man claiming to be mugging victim showed up a Toronto hospital two years ago. He told hospital staff he had no memory of his past life.

Nurses noted at the time that he was in great shape, had a nice tan, and his hands were immaculately manicured.

Bwaahah! Immaculately manicured! (not that there's anything wrong with that! ;)

Doh

Got into work today just as co-worker got a call from a research group we have, saying they think one of their machines (running Solaris 7) had been cracked. He checked it out, and sure enough, it was cracked. So he checked another one.. and another one.. at 7 machines, he said "uh oh". So I had a look at some more suns we had.. 3 of 6 were cracked too. This is when I thought.. doh

So I talked to UWA's friendly network admin and got traffic logs from those machines for yesterday (we caught the hack in about 12 hours.. pretty well done). Had a look thru, and tada.. they had all grabbed patches from sunsolve8.sun.com ... Talked to the network admin again, and got packet logs for all our machines which had accessed sunsolve8.sun.com .. and found a total of 16 machines on our network which had been hacked. Then, being the public spirited person I am, I got a sysadmin in another department to check his suns.. and some of them were hacked too.. then, I got the network admin guy to mail the technical contacts for everyone which had a machine access sunsolve8.sun.com.

Evidentally he told people to contact me for more information.. so I was getting calls and emails from people all over campus looking for more information. Kinda exciting really ;) From the calls I got.. looks like about 60 machines on campus hacked. Umm.. oops. That'll be fun. They exploited a bug found in Solaris and announced last week. Blah. It was good being the central contact, cause I was able to get more information from another department that had several machines hacked. They use a transparent proxy, and were able to find a copy of the hacking tools installed on each system. so I got a copy of that, and am now pretty sure I know what they did. Solaris crackers are weird.. in all the sun hacks I have seen, the first thing they do is download all the operating system patches from sun.com and apply them. Must be doing it to show they don't have malicious intent. No malicious intent my ass. Anything which takes 20hours of my time to fix is not non malicious.

So tomorrow, I have to reinstall.. or possibly "clean" the 4 suns in our department that got hacked :P The boss really favours a clean install.. but sheesh.. that's like a day per machine. I have a lot better stuff to do with my time. I think I can clean them pretty well.

Sigh. I wanna be doing PHP. Then I have to write a printer spooler. And take half a day off to buy plane tickets :D