Using the provided guidelines the Cost of this incident tally's as follows:
Analyst hours expended:

Disassembly / initial analysis           8
Code execution / debug                   4
Code tracing / network capture          36
decoder                                  4
writeup / analysis                       8

total                                   60

@ $33/hour                           $1980


I am a consulting engineer with 12 years experience with unix working in both sysadmin and coding applications in 'C', perl, shells and the standard unix tools.

In security analysis and reverse engineering I have worked in both finding vulnerabilities and designing secured systems and protocols since 1995.

in 1995 I used a similar strategy to the one I have applied here to demonstrate a hole in Microsoft's NT password-change mechanism, allowing an attacker who could simply sniff packets and perform a simple analysis to glean most of the passwords used in an NT Lan. I believe this was the same flaw which was later demonstrated in 'LOphtCrack'.

Author / contact

Forrest Whitcher 31 May, 2002 fw_sec@fwsystems.com

Copyright © 2002 FW Systems LLC, All Rights Reserved